You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Ryan McKinley <ry...@gmail.com> on 2009/03/28 04:21:21 UTC

JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY

In an effort to answer a previous question -- how to get the current  
SecurityManager in a WebApp,  I stumbled into:
   JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY

It *seems* like a key in the servlet context for the Manager, but I  
don't see it set anywhere and don't get any results with:

   WebApplication.get().getServletContext().getAttribute(
     JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY );


Am i missing something?

Thanks again!
ryan

Re: JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY

Posted by Ryan McKinley <ry...@gmail.com>.

Makes sense, I was just temped to use it since it features so  
prominently in the SecurityUtils class.

Also, i thought it would be interesting to have runtime debug info  
telling you the SecurityManager state/settings.  This is more as a  
learning exercise then a real use case.


On Mar 28, 2009, at 3:36 PM, Les Hazlewood wrote:

> That apparently isn't being used anymore - I need to remove it.  In  
> short, the SecurityManager instance is bound to the currently  
> executing thread for use in the SecurityUtils implementation.  It  
> really shouldn't be accessed inside of GUI code.
>
> Instead, SecurityUtils.getSubject() should be used for everything  
> related to the currently executing subject, aka 'user'.
>
> On Fri, Mar 27, 2009 at 11:21 PM, Ryan McKinley <ry...@gmail.com>  
> wrote:
> In an effort to answer a previous question -- how to get the current  
> SecurityManager in a WebApp,  I stumbled into:
>   JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY
>
> It *seems* like a key in the servlet context for the Manager, but I  
> don't see it set anywhere and don't get any results with:
>
>   WebApplication.get().getServletContext().getAttribute(
>     JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY );
>
>
> Am i missing something?
>
> Thanks again!
> ryan
>

Re: JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY

Posted by Les Hazlewood <lh...@apache.org>.

That apparently isn't being used anymore - I need to remove it.  In short,
the SecurityManager instance is bound to the currently executing thread for
use in the SecurityUtils implementation.  It really shouldn't be accessed
inside of GUI code.

Instead, SecurityUtils.getSubject() should be used for everything related to
the currently executing subject, aka 'user'.

On Fri, Mar 27, 2009 at 11:21 PM, Ryan McKinley <ry...@gmail.com> wrote:

> In an effort to answer a previous question -- how to get the current
> SecurityManager in a WebApp,  I stumbled into:
>   JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY
>
> It *seems* like a key in the servlet context for the Manager, but I don't
> see it set anywhere and don't get any results with:
>
>   WebApplication.get().getServletContext().getAttribute(
>     JSecurityFilter.SECURITY_MANAGER_CONTEXT_KEY );
>
>
> Am i missing something?
>
> Thanks again!
> ryan
>