Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Vaadin and Shiro/Spring security

Konstantin Hvan
1 decade ago Apr 11, 2010 10:35am
Kim Leppänen
1 decade ago Apr 11, 2010 1:01pm
Konstantin Hvan
1 decade ago Apr 11, 2010 1:40pm
Kim Leppänen
1 decade ago Apr 11, 2010 2:17pm

Konstantin Hvan: The question is why should it be ThreadLocal?

To be able to access the variable in a static way. I think there is an error in the example code

public SMSApp getInstance()
    {
        return currentApplication.get ();
    }

This should most likely be a static method. Otherwise I do not see any need for the ThreadLocal.

Last updated on Apr, 11th 2010
Fei Yan
10 years ago Feb 29, 2012 5:42am

I spent a whole evening on this threadlocal thing with shiro 1.2 : basically if you dont get it right, shiro subject will expire as soon as thread changes.

Solution: use shiro's ShiroFilter to initialize it. Add the following into your web.xml and don't do any initialization in your vaadin application just directly use SecurityUtils.getSubject()

<listener>
		<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
	</listener>

	<filter>
		<filter-name>ShiroFilter</filter-name>
		<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>ShiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>INCLUDE</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>