Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-130

ShiroFilter does not work with proxied security manager

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.0
    • Component/s: Web
    • Labels:
      None

      Description

      The ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager.

      This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager because the proxy implements the SecurityManager interface, which doesn't have the isHttpSessions() method.

      Perhaps we should have a WebSecurityManager interface with the isHttpSessions() method defined on it?

        Attachments

          Activity

            People

            • Assignee:
              pledbrook Peter Ledbrook
              Reporter:
              pledbrook Peter Ledbrook
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: