RE: Too many threads created when calling isPermitted()

[ApacheNinja]

Hello,

Yes, we are using the latest release of Shiro.   We are primarily using
Shiro to check user permissions.  We are not using it to log in to our
application.  We are creating our Subject using the following method:

protected void setAuthorizerSubject(UsersDVO user){
        DefaultSecurityManager securityManager = new
DefaultSecurityManager();
        securityManager.setRealm(realm);
        securityManager.setAuthenticator(new MockAuthenticator());
        SecurityUtils.setSecurityManager(securityManager );
        Subject currentUser = new DelegatingSubject(securityManager);
        if(!currentUser.isAuthenticated()){
            UsernamePasswordToken token = new
UsernamePasswordToken(user.getUserName(), "");
            try{
                currentUser.login(token);
            } catch (AuthenticationException ex){
                Log.exception(ex);
            }
        }
        this.subject = currentUser;
    }

This is created once when the user logs in.  In our application it is
possible to log in as a general administrator first, then log in again as a
more specific user.  So this may be called twice.  We then use the Subject
object to call the isPermitted() object, which checks to see if the user has
access to different portions of our application.  In our Realm object we
have set setAuthorizationCachingEnabled(false) (I don't think this makes a
difference but I thought I would include this information anyway).  Looking
at the stack trace when calling isPermitted(), I see that it goes through
the Shiro API and then it then calls our implementation
doGetAuthorizationInfo() :

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principalCollection) {
        SimpleAuthorizationInfo info = null;
        if( user != null ) {
            info = new SimpleAuthorizationInfo();
            List<Role> roles =
roleManager.getRolesForUser(user.getUserID());
            List<EPermission> permissions =
permissionManager.getPermissionsForUser(user.getUserID());
            for(Role role : roles) {
                info.addRole(role.getName());
            }
            for(EPermission permission : permissions){
                info.addStringPermission(permission.getName());
            }
        }

        return info;
    }

Somewhere in there a new thread is being generated but I don't know where.



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Too-many-threads-created-when-calling-isPermitted-tp7578725p7578734.html
Sent from the Shiro User mailing list archive at Nabble.com.