“simply unacceptable” is so black&white :) The reality is that people used Shiro for decades, and it was acceptable for all of those people and all this time.
Simple fact is that no one is going to redesign Shiro APIs for you. Either you need to do a PR, and convince the maintainers it’s useful, or, use Shiro, or, or don’t use it. That is a fact. > On Nov 8, 2020, at 3:47 AM, Alex Orlov <[email protected]> wrote: > > Hi Lenny, > > I have casts, you have casts, Bob and Mike also have casts. It doesn’t matter > how many casts > you have, you mustn’t have any. > > In modern SO development approach we use only API and shouldn’t know anything > about implementations > classes. I’m sure that you know about OSGI, JPMS etc. The main idea of such > systems is to completely hide > implementation classes. You event don’t see those implementation classes, so, > you just CAN’T use them! > > So, when you do FooImpl impl = (FooImpl) foo; it means that either you are > doing something wrong, > or API is not flexible enough. > > So, I can’t accept your advice because it is simply unacceptable. > > > -- > Best regards, Alex Orlov > > > Суббота, 7 ноября 2020, 23:37 +03:00 от Lenny Primak <[email protected]>: > > Oh and I have very few “casts” that are necessary to accomplish any of this > > > On Nov 7, 2020, at 12:50 AM, Alex Orlov <[email protected] > > <x-msg://13/[email protected]>> wrote: > > > > Hi all, > > > > Trying to I get the list of all logged in subjects I found this method : > > SessionDAO#Collection<Session> getActiveSessions() > > and want to use it. > > > > And I have two questions: > > > > 1) Why does API hide top level objects for which we have interfaces? > > For example, using SecurityUtils we can get SecurityManager, however, > > SecurityManager doesn’t let get SessionManager, SessionDAO etc. > > So, we can’t do > > SecurityUtils.getSecurityManager().getSessionManager().getSessionDAO()? > > It seems to be unusual for me. Besides it is possible to set them via ini: > > > > sessionManager = com.foo.my.SessionManagerImplementation > > securityManager.sessionManager = $sessionManage > > > > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > > securityManager.sessionManager = $sessionManager > > # Configure a SessionDAO and then set it: > > securityManager.sessionManager.sessionDAO = $sessionDAO > > > > So, we can configure them statically, but not dynamically. At least, we > > must be able to get them > > at runtime. Maybe it is necessary to change API to make it more flexible? > > > > 2) Why does SecurityManager extend SessionManager? > > As I understand SecurityManager has a SessionManager, but not is a > > SessionManager: > > > > public interface SecurityManager extends Authenticator, Authorizer, > > SessionManager > > > > Could anyone explain? > > > > > > -- > > Best regards, Alex Orlov >
