I'm just getting started with Shiro. I'm using it in a SparkJava site. I have
authentication mostly working, but after turning on trace logging for the
ThreadContext class, I'm noticing that the subject is suddenly not
authenticated when there's a new thread being used in the Jetty request. I
assumed that a subject's state is the same across all threads in the same
Jetty instance, but that doesn't seem to be the case here.
I did the Shiro init in the main SparkJava thread:
Factory<SecurityManager> factory = new
IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
And I'm not passing around a SecurityManager instance. My authentication
check happens in a before() filter in SparkJava and that's where it will
fail when the thread changes.
What I am missing?
Thanks,
Dave
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/isAuthenticated-returns-false-when-the-Jetty-thread-changes-tp7581554.html
Sent from the Shiro User mailing list archive at Nabble.com.
