On Fri, Jan 1, 2010 at 5:01 AM, Peter Ledbrook <[email protected]> wrote: > Les, > >> Until I we see exceptions or a test case, I don't think there is >> anything to do - it should work fine. Something else must be causing >> problems (if there are even still problems). > > I have run into a problem with Shiro: the ShiroFilter.isHttpSessions() > method does an instanceof check on the security manager, checking > whether it's an instance of DefaultWebSecurityManager. > > This doesn't work when the security manager is a JDK proxy to a > DefaultWebSecurityManager. Shouldn't we have a WebSecurityManager > interface with the isHttpSessions() method defined on it?
Ah, yes, the hack rears its ugly head. I hate instanceof checks on concrete implementations. Yuck. Please open a Jira issue to get this resolved for 1.0. The interim fix is to subclass the filter and override the isHttpSessions() method to do what you need. Regards, Les
