Posted to user@shiro.apache.org by tkofford <tk...@ku.edu> on 2011/05/05 16:43:04 UTC

Shiro enabled Portlet - UnavailableSecurityManagerException

I'm using a combination of shiro & struts2 and have no problems when this is
a standalone web application. 

However, when I try and make that same web application into a JSR 168
portlet via the struts2 portlet plug-in (as I've done successfully many
times before), I always get a "UnavailableSecurityManagerException" with the
message:

"No SecurityManager accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an
invalid application configuration."

When I traced into the shiro code, the following sequence occurred:
SecurityUtils->getSubject()
  -ThreadContext.getSubject() returned null
  -(new Subject.Builder()).buildSubject();
      -ThreadContext.getSecurityManager(); returned null
      -SecurityUtils.securityManager is also null
      -throws UnavailableSecurityManagerException

I'm not even sure if shiro supports this type of implementation, or if this
is the correct forum to post this, but I'd love to use shiro in my portlet
if possible.

I'm using shiro 1.1.0 and struts 2.2.1.1

Any suggestions?

Thanks in advance,

Todd Kofford
tkofford@ku.edu


--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-enabled-Portlet-UnavailableSecurityManagerException-tp6334470p6334470.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Shiro enabled Portlet - UnavailableSecurityManagerException

Posted by Les Hazlewood <lh...@apache.org>.
Hi Ted,

Thanks very much for sharing your solution - hopefully this will help
others in portlet environments as well!

Regards,

Les

On Fri, May 6, 2011 at 7:56 AM, tkofford <tk...@ku.edu> wrote:
> Les, thanks a lot for the help and for the prompt reply!
>
> I did finally get it to work. I had to add the REQUEST & INCLUDE
> <dispatcher> elements for the shiro filter mapping in my web.xml. Below is
> the configuration that I have for shiro & struts:
>
>  <filter>
>      <filter-name>shiro</filter-name>
>      <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
>      <init-param>
>        <param-name>configPath</param-name>
>        <param-value>classpath:shiro.ini</param-value>
>      </init-param>
>  </filter>
>
>  <filter>
>    <filter-name>struts2</filter-name>
>    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
>  </filter>
>
>  <filter-mapping>
>      <filter-name>shiro</filter-name>
>      <url-pattern>/*</url-pattern>
>      <dispatcher>REQUEST</dispatcher>
>      <dispatcher>INCLUDE</dispatcher>
>  </filter-mapping>
>
>  <filter-mapping>
>    <filter-name>struts2</filter-name>
>    <url-pattern>/*</url-pattern>
>  </filter-mapping>

Re: Shiro enabled Portlet - UnavailableSecurityManagerException

Posted by tkofford <tk...@ku.edu>.
Les, thanks a lot for the help and for the prompt reply!

I did finally get it to work. I had to add the REQUEST & INCLUDE
<dispatcher> elements for the shiro filter mapping in my web.xml. Below is
the configuration that I have for shiro & struts:

  <filter>
      <filter-name>shiro</filter-name>
      <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
      <init-param>
        <param-name>configPath</param-name>
        <param-value>classpath:shiro.ini</param-value>
      </init-param>
  </filter>

  <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
  </filter>

  <filter-mapping>
      <filter-name>shiro</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>





Re: Shiro enabled Portlet - UnavailableSecurityManagerException

Posted by Les Hazlewood <lh...@apache.org>.
Something needs to set-up and bind the Subject to the current thread
before the portlet is invoked.

In a normal webapp, the ShiroFilter does this via the Subject.Builder
and then calls builtSubject.execute(...filterChain...), which
guarantees that the built Subject (and the corresponding
SecurityManager) is bound and then unbound to/from the thread before
and after the 'execute' method call, respectively.

You'll need to use a similar 'filter' mechanism for the portlet
environment to ensure the setup/teardown occurs for any request that
the container services.

Here is the ShiroFilter implementation that performs this
setup/teardown, if it helps:

http://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java

Does this help/make sense?

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Thu, May 5, 2011 at 7:43 AM, tkofford <tk...@ku.edu> wrote:
> I'm using a combination of shiro & struts2 and have no problems when this is
> a standalone web application.
>
> However, when I try and make that same web application into a JSR 168
> portlet via the struts2 portlet plug-in (as I've done successfully many
> times before), I always get a "UnavailableSecurityManagerException" with the
> message:
>
> "No SecurityManager accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an
> invalid application configuration."
>
> When I traced into the shiro code, the following sequence occurred:
> SecurityUtils->getSubject()
>  -ThreadContext.getSubject() returned null
>  -(new Subject.Builder()).buildSubject();
>      -ThreadContext.getSecurityManager(); returned null
>      -SecurityUtils.securityManager is also null
>      -throws UnavailableSecurityManagerException
>
> I'm not even sure if shiro supports this type of implementation, or if this
> is the correct forum to post this, but I'd love to use shiro in my portlet
> if possible.
>
> I'm using shiro 1.1.0 and struts 2.2.1.1
>
> Any suggestions?
>
> Thanks in advance,
>
> Todd Kofford
> tkofford@ku.edu
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-enabled-Portlet-UnavailableSecurityManagerException-tp6334470p6334470.html
> Sent from the Shiro User mailing list archive at Nabble.com.
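
Added example (not part of the thread and not Shiro's own code): the setup/teardown described in the reply above, reduced to Shiro core with no servlet or portlet container. It assumes shiro-core is on the classpath; the class name SubjectBindingDemo and the demo account are constructed for illustration.

```java
import java.util.concurrent.Callable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical demo class; the realm, user name and password are constructed sample values.
public class SubjectBindingDemo {

    // True when SecurityUtils.getSubject() can resolve a Subject on this thread.
    static boolean subjectAvailable() {
        try {
            SecurityUtils.getSubject();
            return true;
        } catch (UnavailableSecurityManagerException e) {
            return false; // the exception reported in the original post
        }
    }

    public static void main(String[] args) throws Exception {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("demo-user", "demo-password");
        SecurityManager securityManager = new DefaultSecurityManager(realm);

        // 1. No filter has run on this thread and no static SecurityManager is set.
        System.out.println("before execute: " + subjectAvailable());

        // 2. Build a Subject from an explicit SecurityManager and run the work inside
        //    execute(), which binds both to the thread for the duration of the call.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        String principal = subject.execute(new Callable<String>() {
            public String call() {
                Subject current = SecurityUtils.getSubject(); // resolves now
                current.login(new UsernamePasswordToken("demo-user", "demo-password"));
                return String.valueOf(current.getPrincipal());
            }
        });
        System.out.println("inside execute: principal=" + principal);

        // 3. execute() restored the previous (empty) thread state on return.
        System.out.println("after execute: " + subjectAvailable());
    }
}
```

In the portlet case the same binding has to be in place for requests the container dispatches as INCLUDE, which is what the REQUEST and INCLUDE dispatcher elements in the poster's working web.xml arrange for the Shiro filter.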