Hi,
I am using the ShiroFilter within a Spring-based webapp. I was following
the guidance from this documentation: http://shiro.apache.org/spring.html
http://shiro.apache.org/spring.html
I also want to use the jsp tag library <shiro:hasRole...> however, when I
run my application I get the following exception :
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an
invalid application configuration.
at
org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
...
unless I include the following in my ApplicationContext.xml:
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
<property name="arguments" ref="securityManager"/>
</bean>
I understand that in order for the static SecurityUtils.XXX calls to work
there must be a ThreadLocal SecurityManager, and not including the xml
snippet above means there isn't one, hence the exception. However,
following the comment given in the example in the link above,
< !-- make the securityManager bean a static singleton. DO NOT do this in
web -- >
< !-- applications - see the 'Web Applications' section below instead. -- >
Is there an alternative way I should be making the SecurityManager available
to the <shiro:... tag library?
Or is this a documentation bug?....and one should set the security manager
in SecurityUtils, but one shouldn't access it in this way, it should be
injected using your container?
Thanks,
-James
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Do-you-have-to-SecurityUtils-setSecurityManager-in-a-web-app-to-use-shiro-tag-library-tp7114798p7114798.html
Sent from the Shiro User mailing list archive at Nabble.com.
