Thank You!

--Anonymous Regexp, 30-Sep-2010


Pretty cool

--AnonymousCoward, 12-Dec-2010


Hi,

Thanks for the code. I've used it (with an acknowledgement!) in my webapp; however, I have a bug that I don't see how your code would get around. Shiro uses a ThreadLocal object to store the current subject (SecurityUtils.getSubject()) and uses this subject to do authorization with. However, you aren't guaranteed that the same thread will be used to service the same session.

I'm seeing the same user serviced by different threads, and therefore their authentication token is invalid and they are asked to log in again. How have you overcome this?

Do you store some kind of lookup between session and subject and access this somewhere else?

Thanks,

-James

--James B, 20-Dec-2011


Sorry, I didn't see this comment until now. The DefaultWebSecurityManager stores the subject in the Session object; perhaps you should use that instead of the DefaultSecurityManager?

--JanneJalkanen, 18-Jan-2012
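
The failure mode discussed in the two comments above, as an added example in plain Java. It is not code from the original entry or from Shiro: it only models an identity held in a ThreadLocal versus one kept in a session store and bound for the duration of each request. All class, method and session names are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class SubjectBindingDemo {
    // Per-thread slot, standing in for a thread-bound "current subject".
    static final ThreadLocal<String> CURRENT = new ThreadLocal<>();
    // Constructed stand-in for the servlet session store, keyed by session id.
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    // Fragile: the identity lives only on the thread that handled the login.
    static void loginThreadOnly(String user) { CURRENT.set(user); }

    // Robust: the identity is stored with the session, not the thread.
    static void loginWithSession(String sessionId, String user) { SESSIONS.put(sessionId, user); }

    // Per-request wrapper: bind from the session, run, then always unbind so a
    // pooled thread never carries one user's identity into another request.
    static String handle(String sessionId, Callable<String> request) throws Exception {
        CURRENT.set(SESSIONS.get(sessionId));
        try { return request.call(); } finally { CURRENT.remove(); }
    }

    static String whoAmI() {
        String user = CURRENT.get();
        return user == null ? "anonymous" : user;
    }

    public static void main(String[] args) throws Exception {
        // Two single-thread executors model two container worker threads.
        ExecutorService a = Executors.newSingleThreadExecutor();
        ExecutorService b = Executors.newSingleThreadExecutor();
        try {
            a.submit(() -> loginThreadOnly("james")).get();
            Callable<String> plain = () -> whoAmI();
            System.out.println("thread-only, login thread:   " + a.submit(plain).get());
            System.out.println("thread-only, other thread:   " + b.submit(plain).get());

            a.submit(() -> CURRENT.remove()).get();   // reset the first experiment
            a.submit(() -> loginWithSession("sess-1", "james")).get();
            Callable<String> bound = () -> handle("sess-1", () -> whoAmI());
            System.out.println("session-bound, other thread: " + b.submit(bound).get());
            System.out.println("after request, other thread: " + b.submit(plain).get());
        } finally {
            a.shutdown();
            b.shutdown();
        }
    }
}
```

The unbind in the `finally` block matters as much as the session lookup: without it, a pooled thread could serve the next request under the previous user's identity.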



"Main_comments_100910_1" last changed on 18-Jan-2012 22:57:41 EET by JanneJalkanen.