Yes. If I omit setting the SecurityManager in the code per the official
guide/documentation, I get this exception:
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton. This is
an invalid application configuration.
org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626)
org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)
com.sointe.security.FilterSecurity.validateSession(FilterSecurity.java:225)
com.sointe.security.FilterSecurity.doFilter(FilterSecurity.java:149)
com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
com.sointe.security.FilterAccessLog.doFilter(FilterAccessLog.java:45)
com.sointe.web.AppFilterChain.doFilter(AppFilterChain.java:66)
com.sointe.web.AppFilterLoader.doFilter(AppFilterLoader.java:146)
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
On Sun, Mar 1, 2020 at 12:59 PM Brian Demers <[email protected]> wrote:
> Are you creating a new security manager for each request?
>
>
> I’m not sure how you are using this logic, but you should let Shiro do all
> of this for you (via the ShiroFilter).
>
> -Brian
>
> > On Mar 1, 2020, at 2:43 PM, tommyhp2 <[email protected]> wrote:
> >
> > Hi Brian,
> >
> > Thanks for the prompt feedback. Here's the code I used to check for the
> > session:
> >
> > https://pastebin.com/F5SMmLpq
> >
> > The shiro.ini is very basic and minimal:
> >
> > [main]
> > [users]
> > [roles]
> > [urls]
> > /** = anon
> >
> > Most of the content (99%) in shiro.ini are comments and examples as notes
> > for future implementation of authentication and authorization.
> >
> >
> >
> > --
> > Sent from: http://shiro-user.582556.n2.nabble.com/
>
