Shiro
  1. Shiro
  2. SHIRO-130

ShiroFilter does not work with proxied security manager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.0
    • Component/s: Web
    • Labels:
      None

      Description

      The ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager.

      This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager because the proxy implements the SecurityManager interface, which doesn't have the isHttpSessions() method.

      Perhaps we should have a WebSecurityManager interface with the isHttpSessions() method defined on it?

        Activity

        Peter Ledbrook created issue -
        Peter Ledbrook made changes -
        Field Original Value New Value
        Assignee Peter Ledbrook [ pledbrook ]
        Peter Ledbrook made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Peter Ledbrook
            Reporter:
            Peter Ledbrook
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development