You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Benjamin Marwell (Jira)" <ji...@apache.org> on 2020/01/21 23:00:00 UTC
[jira] [Commented] (SHIRO-630) ModularRealmAuthorizer ignores
JAX-RS proxied Realms
[ https://issues.apache.org/jira/browse/SHIRO-630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17020632#comment-17020632 ]
Benjamin Marwell commented on SHIRO-630:
----------------------------------------
Hello [~lyonssp].
First of all, JAX-RS doesn't do dependency injection. It will only provide endpoints for rest based web APIs.
You are probably referring to CDI or its reference implementation WELD.
InstanceOf should work for injected proxies. Maybe your custom realm does not implement Authorizer? Can we see some code snippets and how you use injection?
Thanks,
Ben
> ModularRealmAuthorizer ignores JAX-RS proxied Realms
> ----------------------------------------------------
>
> Key: SHIRO-630
> URL: https://issues.apache.org/jira/browse/SHIRO-630
> Project: Shiro
> Issue Type: Bug
> Environment: Jersey version 2.25
> Shiro version 1.2+
> Reporter: Sean Lyons
> Priority: Major
>
> I'm developing in a web environment that uses JAX-RS for dependency injection. I'd like to inject my realms by proxy so that they can be injected in request scope into singleton parents. However, the logic in ModularRealmAuthorizer#isPermitted(PrincipalCollection, Permission) does an `instanceof Authorizer` check that will fail for proxied, injected realms because they are of type `Proxy`. This issue seems to appear in versions 1.2 and later.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)