On Friday, January 07, 2011, Lothar Werzinger wrote:
> Hi,
>
> I am trying to use Shiro with an Eclipse RAP web application in a tomcat6
> container.
>
> I configured a ShiroFilter in the web.xml and Shiro does indeed ask for the
> login and verifies it correctly.
>
> However in the application code I get a
> UnavailableSecurityManagerException:
>
> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
> accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is
> an invalid application configuration.
>
>
> This is probably due to the equinox servletbridge.
>
> I then added code to initialise the SecurityManager in my app manually and
> register my realm with it. After that I can get a subject, but it is not
> authorised:
>
> I do get a principal from the HttpServletRequest (and that shows that Shiro
> initially did authorise me):
>
> HttpServletRequest request = RWT.getRequest();
> request.getRemoteUser() => lothar
> request.getUserPrincipal() => lothar
> request.getUserPrincipal().getClass().getName() =>
> org.apache.shiro.web.servlet.ShiroHttpServletRequest$ObjectPrincipal
>
>
> But if I try to access the Shiro subject I get:
>
> Subject subject = SecurityUtils.getSubject();
> subject.isAuthenticated() => false
> subject.getPrincipal() => null

I did more digging and found this is because the Eclipse RAP application,
being an OSGi application, obviously has a different class loader.

If I access the request (which is a ShiroHttpServletRequest) via reflection to
extract the subject (as the accessor is unfortunately protected):

    Class<?> clazz = request.getClass();
    Method getSubject = clazz.getDeclaredMethod("getSubject");
    getSubject.setAccessible(true);
    Object object = getSubject.invoke(request);
    WebDelegatingSubject subject = (WebDelegatingSubject) object;

the cast to WebDelegatingSubject fails due to the different class loader:

    java.lang.ClassCastException:
    org.apache.shiro.web.subject.support.WebDelegatingSubject cannot be cast to
    org.apache.shiro.web.subject.support.WebDelegatingSubject

Is there a way for Shiro to communicate the state of the subject across class
loaders? If so, how can I accomplish this?

Any help is highly appreciated.

Thanks!
Lothar
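
The class-identity failure described in the message above, reproduced without Shiro or OSGi as an added example (not part of the original message and not Shiro code). LoaderIdentityDemo and DemoSubject are hypothetical stand-ins, "lothar" is a constructed sample value, and the class is assumed to be compiled with javac and run from its class files.

```java
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;

public class LoaderIdentityDemo {
    // Hypothetical stand-in for a subject type; not a Shiro class.
    public static class DemoSubject {
        public boolean isAuthenticated() { return true; }
        public Object getPrincipal() { return "lothar"; } // constructed sample value
    }

    public static void main(String[] args) throws Exception {
        // Directory or jar this class was loaded from (compile with javac first).
        URL here = LoaderIdentityDemo.class.getProtectionDomain()
                .getCodeSource().getLocation();
        // Parent null: the second loader defines its own copy of DemoSubject,
        // as a separate bundle or webapp class loader would.
        try (URLClassLoader other = new URLClassLoader(new URL[] { here }, null)) {
            Class<?> foreign = other.loadClass(DemoSubject.class.getName());
            Object subject = foreign.getDeclaredConstructor().newInstance();

            System.out.println("same name:  "
                    + foreign.getName().equals(DemoSubject.class.getName()));
            System.out.println("same class: " + (foreign == DemoSubject.class));
            try {
                // Same fully qualified name, different defining loader: cast fails.
                DemoSubject local = (DemoSubject) subject;
                System.out.println("cast ok: " + local);
            } catch (ClassCastException e) {
                System.out.println("cast failed: " + e.getMessage());
            }

            // Reflection against the object's own Class needs no cast to the local type.
            Method isAuth = foreign.getMethod("isAuthenticated");
            Method getPrincipal = foreign.getMethod("getPrincipal");
            boolean authenticated = (Boolean) isAuth.invoke(subject);
            // java.lang.String comes from the bootstrap loader, which both loaders share.
            String principal = (String) getPrincipal.invoke(subject);
            System.out.println("authenticated=" + authenticated
                    + " principal=" + principal);
        }
    }
}
```

Only values whose types come from a loader common to both sides (here the bootstrap loader's Boolean and String) can be cast after crossing the boundary; the subject object itself has to stay typed as Object.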