[SHIRO-130] ShiroFilter does not work with proxied security manager - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.0
Fix Version/s: 1.0.0
Component/s: Web
Labels:
None

Description

The ShiroFilter.isHttpSessions() method does an instanceof check on the security manager, checking whether it's an instance of DefaultWebSecurityManager.

This doesn't work when the security manager is a JDK proxy to a DefaultWebSecurityManager because the proxy implements the SecurityManager interface, which doesn't have the isHttpSessions() method.

Perhaps we should have a WebSecurityManager interface with the isHttpSessions() method defined on it?

Attachments

Activity

People

Assignee:: Peter Ledbrook

Reporter:: Peter Ledbrook

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Jan/10 12:30

Updated:: 01/Feb/10 11:29

Resolved:: 01/Feb/10 11:29