Shiro
  1. Shiro
  2. SHIRO-130

ShiroFilter does not work with proxied security manager

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.0
    • Component/s: Web
    • Labels:
      None

      Description

      The ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager.

      This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager because the proxy implements the SecurityManager interface, which doesn't have the isHttpSessions() method.

      Perhaps we should have a WebSecurityManager interface with the isHttpSessions() method defined on it?

        Activity

        Hide
        Peter Ledbrook added a comment - - edited

        I don't mind implementing this if we have an agreed approach. Should we introduce a WebSecurityManager interface again?

        Show
        Peter Ledbrook added a comment - - edited I don't mind implementing this if we have an agreed approach. Should we introduce a WebSecurityManager interface again?
        Hide
        Les Hazlewood added a comment -

        I think that's a good idea - interfaces are so much better than instanceof checks (yuck)

        Show
        Les Hazlewood added a comment - I think that's a good idea - interfaces are so much better than instanceof checks (yuck)

          People

          • Assignee:
            Peter Ledbrook
            Reporter:
            Peter Ledbrook
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development