I'm only just starting to learn about OSGi and I don't know anything about Eclipse RAP so I may be way off the mark here. It looks like shiro is getting loaded twice - once by your webapp (or whatever does the filtering) and once by your RAP application. Seems like both of them (assuming they are both bundles?) should do an Import-Package on shiro (and have a shiro bundle) or one should Export-Package on shiro and the other should import it. From what I've read (i.e. take it with a grain of salt), I would think this would allow your original code to work.

-Jared

On 1/10/11 3:22 PM, "Lothar Werzinger" <[email protected]> wrote:

> On Friday, January 07, 2011, Lothar Werzinger wrote:
>> Hi,
>>
>> I am trying to use Shiro with an Eclipse RAP web application in a tomcat6
>> container.
>>
>> I configured a ShiroFilter in the web.xml and Shiro does indeed ask for the
>> login and verifies it correctly.
>>
>> However in the application code I get a
>> UnavailableSecurityManagerException:
>>
>> org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
>> accessible to the calling code, either bound to the
>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is
>> an invalid application configuration.
>>
>>
>> This is probably due to the equinox servletbridge.
>>
>> I then added code to initialise the SecurityManager in my app manually and
>> register my realm with it. After that I can get a subject, but it is not
>> authorised:
>>
>> I do get a principal from the HttpServletRequest (and that shows that Shiro
>> initially did authorise me):
>>
>> HttpServletRequest request = RWT.getRequest();
>> request.getRemoteUser() => lothar
>> request.getUserPrincipal() => lothar
>> request.getUserPrincipal().getClass().getName() =>
>> org.apache.shiro.web.servlet.ShiroHttpServletRequest$ObjectPrincipal
>>
>>
>> But if I try to access the Shiro subject I get:
>>
>> Subject subject = SecurityUtils.getSubject();
>> subject.isAuthenticated() => false
>> subject.getPrincipal() => null
>
>
> I did more digging and found this is because the Eclipse RAP application being
> an OSGi application it has obviously a different class loader.
>
> If I access the request (which is a ShiroHttpServletRequest) via reflection to
> extract the subject (as the accessor is unfortunately protected)
>
> Class<?> clazz = request.getClass();
> Method getSubject = clazz.getDeclaredMethod("getSubject");
> getSubject.setAccessible(true);
> Object object = getSubject.invoke(request);
> WebDelegatingSubject subject = (WebDelegatingSubject) object;
>
> the cast to WebDelegatingSubject fails due to the different class loader:
>
> java.lang.ClassCastException:
> org.apache.shiro.web.subject.support.WebDelegatingSubject cannot be cast to
> org.apache.shiro.web.subject.support.WebDelegatingSubject
>
>
> Is there a way for Shiro to communicate the state of the subject across class
> loaders? If so, how can I accomplish this?
>
> Any help is highly appreciated.
>
> Thanks!
>
> Lothar
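
The "X cannot be cast to X" failure in the thread can be reproduced without Shiro or OSGi. The following is an added example, not code from either poster or from the Shiro project: `DemoSubject` and `IsolatingLoader` are hypothetical names, and the loader stands in for a second bundle that carries its own copy of the library.

```java
import java.io.InputStream;
import java.lang.reflect.Method;

public class LoaderIdentityDemo {
    // Hypothetical stand-in for a Shiro subject class; not Shiro's API.
    public static class DemoSubject {
        public boolean isAuthenticated() { return true; }
        public Object getPrincipal() { return "lothar"; } // constructed sample value
    }

    // Defines its own copy of DemoSubject instead of delegating to the parent,
    // like a second copy of a library loaded by another bundle.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(LoaderIdentityDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(DemoSubject.class.getName())) return super.loadClass(name, resolve);
            synchronized (getClassLoadingLock(name)) {
                Class<?> loaded = findLoadedClass(name);
                if (loaded != null) return loaded;
                try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                    byte[] bytes = in.readAllBytes();
                    return defineClass(name, bytes, 0, bytes.length);
                } catch (Exception e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Object foreign = new IsolatingLoader().loadClass(DemoSubject.class.getName())
                .getDeclaredConstructor().newInstance();
        // Same fully qualified name, but a different defining loader means a different type.
        System.out.println("same name:  " + foreign.getClass().getName().equals(DemoSubject.class.getName()));
        System.out.println("same class: " + (foreign.getClass() == DemoSubject.class));
        try {
            DemoSubject local = (DemoSubject) foreign;
            System.out.println("cast ok: " + local.isAuthenticated());
        } catch (ClassCastException e) {
            System.out.println("cast fails: " + e.getMessage());
        }
        // Reading state without a cast: look the method up on the object's own class.
        Method isAuthenticated = foreign.getClass().getMethod("isAuthenticated");
        System.out.println("via reflection: " + isAuthenticated.invoke(foreign));
    }
}
```

Calling through the foreign object's own `Class` only reads its state. Static state such as a thread-bound security manager remains separate per copy of the library, which is why a single shared copy is the cleaner fix.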
