The ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager.
This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager because the proxy implements the SecurityManager interface, which doesn't have the isHttpSessions() method.
Perhaps we should have a WebSecurityManager interface with the isHttpSessions() method defined on it?
|Field||Original Value||New Value|
|Assignee||Peter Ledbrook [ pledbrook ]|
|Status||Open [ 1 ]||Closed [ 6 ]|
|Resolution||Fixed [ 1 ]|
|Transition||Time In Source Status||Execution Times||Last Executer||Last Execution Date|
|18d 22h 58m||1||Peter Ledbrook||01/Feb/10 11:29|