Will frameworks like Apache Shiro/Spring security work smooth with vaadin? I mainly mean static methods like SecurityContext.getCurrentUser() which can be called from anywhere.
Take a look at the transactionStart and transactionEnd method. transactionStart is called at the beginning of the http request and transactionEnd at the end of the request. The ThreadLocal variable is updated in these methods. If you do not update the ThreadLocal variable in these methods, then it will fail because of thread pooling, just like you mentioned.
I’m not familiar with Apache Shiro/Spring security so can’t help you on that. Maybe someone else can comment on this subject? I do recall that there has been threads on the forum about spring security and Petter is currently
writing an article about it.
The question is why should it be ThreadLocal? Its value is stored in vaadin application object which should be stored i guess servlet session so no updates are needed at all. Am i wrong?
I spent a whole evening on this threadlocal thing with shiro 1.2 : basically if you dont get it right, shiro subject will expire as soon as thread changes.
Solution: use shiro’s ShiroFilter to initialize it. Add the following into your web.xml and don’t do any initialization in your vaadin application just directly use SecurityUtils.getSubject()