You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Alex Orlov <oo...@mail.ru> on 2020/11/20 18:09:58 UTC
Re[4]: How to clear thread after Subject.login()
Hi Brian,
I’ve studied ExampleShiroIntegrationTest and I can’t understand one thing.
How can this IT work if the subject we provided isn’t authenticated (+no permissions etc)?
Or is it supposed that for IT tests we will have mock SecurityRealm? Could you explain?
--
Best regards, Alex Orlov
>Пятница, 20 ноября 2020, 20:58 +03:00 от Brian Demers <br...@gmail.com>:
>
>You have a couple of options, you could either do something like this:
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/test/java/org/apache/shiro/test/ExampleShiroIntegrationTest.java
>
>Or you could do something like:
>
>@Test
>public void myTest() {
> Subject subject = buildYourTestSubject();
>
> subject.execute(new Runnable() {
> assertThat(yourCode, worksCorrectly());
> }
>}
>
>You could also call ThreadContext.remove() if you didn't want to do either of the above
>https://github.com/apache/shiro/blob/0e5a4428bcaa0a4c03680f5faad5a4c897379497/core/src/main/java/org/apache/shiro/util/ThreadContext.java#L203
>
>On Fri, Nov 20, 2020 at 11:19 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hi Brian
>>
>>I am talking about using Shiro in my test (or in any NON WEB environment).
>>
>>consider the following code:
>>
>>@Test
>>public void testMe() {
>> var subject = SecurityUtils.getSubject();
>> subject.login(new SomeToken());
>> //here subject is bound to thread (as I understand!!!)
>>}
>>
>>I’ve read this
>>Subject subject = new Subject.Builder()...
>>ThreadState threadState = new SubjectThreadState(subject);
>>threadState.bind();
>>try {
>> //execute work as the built Subject
>>} finally {
>> //ensure any state is cleaned so the thread won't be
>> //corrupt in a reusable or pooled thread environment
>> threadState.clear();
>>}
>>
>>but this is not my situation, as when I do subject.login(...) I don’t manually bind
>>subject to thread. And I want to understand how to unbind thread after subject.login().
>>Or I understand something wrong?
>>
>>
>>--
>>Best regards, Alex Orlov
>>
>>
>>>Пятница, 20 ноября 2020, 18:48 +03:00 от Brian Demers < brian.demers@gmail.com >:
>>>
>>>What type of application are you building? For web applications Shiro can handle the Login (collecting of the username/password) and the thread binding for you, so you don't actually need to do that. (this all happens with the ShiroFilter, and associated chain)
>>>
>>>That said, if you do not want to use shiro-web, you could accomplish the same thing by sticking your code in a Runnable:
>>>https://github.com/apache/shiro/blob/b0091dfef63288f957389bce42f5a8e85329a1aa/web/src/main/java/org/apache/shiro/web/servlet/AbstractShiroFilter.java#L359-L368
>>>
>>>Take a look at the Subject / Thread Association doc:
>>>https://shiro.apache.org/subject.html#thread-association
>>>On Fri, Nov 20, 2020 at 8:50 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>>>Hi all,
>>>>
>>>>I use the following code:
>>>>var subject = SecurityUtils.getSubject();
>>>>subject.login(new SomeToken());
>>>>
>>>>As I understand, after `subject.login(new SomeToken())` if subject successfully logs in, he
>>>>is bound to the current thread. Could anyone say how I can clear current thread, without subject.logout()?
>>>>I just want the subject leaves in system until it is necessary again (for example until next request).
>>>>
>>>>I’ve read this article https://shiro.apache.org/subject.html but didn’t find answer there. Please, help.
>>>>
>>>>--
>>>>Best regards, Alex Orlov
>>