You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Peter Ledbrook (JIRA)" <ji...@apache.org> on 2010/01/13 13:31:54 UTC
[jira] Created: (SHIRO-130) ShiroFilter does not work with proxied
security manager
ShiroFilter does not work with proxied security manager
-------------------------------------------------------
Key: SHIRO-130
URL: https://issues.apache.org/jira/browse/SHIRO-130
Project: Shiro
Issue Type: Bug
Components: Web
Affects Versions: 1.0
Reporter: Peter Ledbrook
Fix For: 1.0
The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (SHIRO-130) ShiroFilter does not work
with proxied security manager
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805415#action_12805415 ]
Peter Ledbrook edited comment on SHIRO-130 at 1/27/10 8:29 AM:
---------------------------------------------------------------
I don't mind implementing this if we have an agreed approach. Should we introduce a WebSecurityManager interface again?
was (Author: pledbrook):
I don't mind implementing this if we have an agreed approach. Should we introduce a <tt>WebSecurityManager</tt> interface again?
> ShiroFilter does not work with proxied security manager
> -------------------------------------------------------
>
> Key: SHIRO-130
> URL: https://issues.apache.org/jira/browse/SHIRO-130
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0
> Reporter: Peter Ledbrook
> Fix For: 1.0
>
>
> The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
> This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
> Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-130) ShiroFilter does not work with
proxied security manager
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805415#action_12805415 ]
Peter Ledbrook commented on SHIRO-130:
--------------------------------------
I don't mind implementing this if we have an agreed approach. Should we introduce a <tt>WebSecurityManager</tt> interface again?
> ShiroFilter does not work with proxied security manager
> -------------------------------------------------------
>
> Key: SHIRO-130
> URL: https://issues.apache.org/jira/browse/SHIRO-130
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0
> Reporter: Peter Ledbrook
> Fix For: 1.0
>
>
> The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
> This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
> Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (SHIRO-130) ShiroFilter does not work with proxied
security manager
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Ledbrook reassigned SHIRO-130:
------------------------------------
Assignee: Peter Ledbrook
> ShiroFilter does not work with proxied security manager
> -------------------------------------------------------
>
> Key: SHIRO-130
> URL: https://issues.apache.org/jira/browse/SHIRO-130
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0
> Reporter: Peter Ledbrook
> Assignee: Peter Ledbrook
> Fix For: 1.0
>
>
> The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
> This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
> Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-130) ShiroFilter does not work with
proxied security manager
Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805940#action_12805940 ]
Les Hazlewood commented on SHIRO-130:
-------------------------------------
I think that's a good idea - interfaces are so much better than instanceof checks (yuck)
> ShiroFilter does not work with proxied security manager
> -------------------------------------------------------
>
> Key: SHIRO-130
> URL: https://issues.apache.org/jira/browse/SHIRO-130
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0
> Reporter: Peter Ledbrook
> Fix For: 1.0
>
>
> The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
> This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
> Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (SHIRO-130) ShiroFilter does not work with proxied
security manager
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Ledbrook closed SHIRO-130.
--------------------------------
Resolution: Fixed
> ShiroFilter does not work with proxied security manager
> -------------------------------------------------------
>
> Key: SHIRO-130
> URL: https://issues.apache.org/jira/browse/SHIRO-130
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.0
> Reporter: Peter Ledbrook
> Assignee: Peter Ledbrook
> Fix For: 1.0
>
>
> The {{ShiroFilter.isHttpSessions()}} method does an {{instanceof}} check on the security manager, checking whether it's an instance of {{DefaultWebSecurityManager}}.
> This doesn't work when the security manager is a JDK proxy to a {{DefaultWebSecurityManager}} because the proxy implements the {{SecurityManager}} interface, which doesn't have the {{isHttpSessions()}} method.
> Perhaps we should have a {{WebSecurityManager}} interface with the {{isHttpSessions()}} method defined on it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.