[jira] [Commented] (SHIRO-161) No SecurityManager accessible to the calling code

Sat, 12 Apr 2025 13:24:45 -0700 


    [ 
https://issues.apache.org/jira/browse/SHIRO-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17943850#comment-17943850
 ] 

Lenny Primak commented on SHIRO-161:
------------------------------------

See [https://github.com/apache/shiro/pull/2082]

This fix prevents cleanup of ThreadLocals from child threads.

> No SecurityManager accessible to the calling code
> -------------------------------------------------
>
>                 Key: SHIRO-161
>                 URL: https://issues.apache.org/jira/browse/SHIRO-161
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.0.0
>         Environment: Linux, Tomcat 6, Jetty 6
>            Reporter: Robert Hannebauer
>            Assignee: Kalle Korhonen
>            Priority: Critical
>             Fix For: 1.0.0
>
>         Attachments: Test-eclipse.zip, Test.war
>
>
> The security context is not bound to the thread context. 
> The application uses an ajax periodical updater to often refresh some zones. 
> But the user is enabled to interact with the application, so it happens, that 
> two simultaneous requests arrives at the application server. This often 
> produces
> ERROR 2010-05-15 23:33:08,030 (SecurityModule.java:253) - Error handling 
> SecurityException
> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager 
> accessible to the calling code, either bound to the 
> org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an 
> invalid application configuration.
>       at 
> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:124)
>       at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:616)
>       at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:57)
>       at 
> org.tynamo.security.services.impl.SecurityServiceImpl.getSubject(SecurityServiceImpl.java:37)
>       at 
> org.tynamo.security.services.impl.SecurityServiceImpl.isAuthenticated(SecurityServiceImpl.java:42)
>       at 
> $SecurityService_1289de25571.isAuthenticated($SecurityService_1289de25571.java)
>       at 
> org.tynamo.security.ShiroExceptionHandler.handle(ShiroExceptionHandler.java:74)
>       at 
> org.tynamo.security.services.SecurityModule$3.advise(SecurityModule.java:250)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to