Question about SecurityUtils.getSubject()

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about SecurityUtils.getSubject()

hussain-dpag
Hi,

posted this message in the forum already but somehow hasn't been posted to the mailing list.

I'm new to Shiro and have a question about how SecurityUtils.getSubject() works.

After reading the documentation it's said that one simply retrieves the current user (subject) by calling
SecurityUtils.getSubject()

But in the context of multiple users concurrently using the application each with their own session how does SecurityUtils determine the relationship to the session? In this context I would rather expect something like
SecurityUtils.getSubject(session).

Any hints are appreciated...

Regards,

Abid
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

lprimak
It's all about your thread local request that keys in on the subject.



On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]> wrote:

> Hi,
>
> posted this message in the forum already but somehow hasn't been posted to the mailing list.
>
> I'm new to Shiro and have a question about how SecurityUtils.getSubject() works.
>
> After reading the documentation it's said that one simply retrieves the current user (subject) by calling
> SecurityUtils.getSubject()
>
> But in the context of multiple users concurrently using the application each with their own session how does SecurityUtils determine the relationship to the session? In this context I would rather expect something like
> SecurityUtils.getSubject(session).
>
> Any hints are appreciated...
>
> Regards,
>
> Abid
> --
> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

hussain-dpag
Thanks! So this means the subject is retrieved from the current thread... But this assumes that each user works in it's own thread. I wonder how (or if) this works in a web application or more general in applications where multiple users work on the same thread?

Regards,

Abid

> It's all about your thread local request that keys in on the subject.
>
>
>
> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]> wrote:
>
> > Hi,
> >
> > posted this message in the forum already but somehow hasn't been posted
> to the mailing list.
> >
> > I'm new to Shiro and have a question about how
> SecurityUtils.getSubject() works.
> >
> > After reading the documentation it's said that one simply retrieves the
> current user (subject) by calling
> > SecurityUtils.getSubject()
> >
> > But in the context of multiple users concurrently using the application
> each with their own session how does SecurityUtils determine the
> relationship to the session? In this context I would rather expect something like
> > SecurityUtils.getSubject(session).
> >
> > Any hints are appreciated...
> >
> > Regards,
> >
> > Abid
> > --
> > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
> > belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
> >

--
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
Jetzt informieren: http://www.gmx.net/de/go/freephone
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

thlim
Afaik, every http request (until response) that comes in is handled by a single thread

On Thursday, November 3, 2011, Abid Hussain <[hidden email]> wrote:
> Thanks! So this means the subject is retrieved from the current thread... But this assumes that each user works in it's own thread. I wonder how (or if) this works in a web application or more general in applications where multiple users work on the same thread?
>
> Regards,
>
> Abid
>
>> It's all about your thread local request that keys in on the subject.
>>
>>
>>
>> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]> wrote:
>>
>> > Hi,
>> >
>> > posted this message in the forum already but somehow hasn't been posted
>> to the mailing list.
>> >
>> > I'm new to Shiro and have a question about how
>> SecurityUtils.getSubject() works.
>> >
>> > After reading the documentation it's said that one simply retrieves the
>> current user (subject) by calling
>> > SecurityUtils.getSubject()
>> >
>> > But in the context of multiple users concurrently using the application
>> each with their own session how does SecurityUtils determine the
>> relationship to the session? In this context I would rather expect something like
>> > SecurityUtils.getSubject(session).
>> >
>> > Any hints are appreciated...
>> >
>> > Regards,
>> >
>> > Abid
>> > --
>> > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>> > belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>> >
>
> --
> NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
> Jetzt informieren: http://www.gmx.net/de/go/freephone
>
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

hussain-dpag
Thanks for quick reply. But still, how does Shiro now that a certain request comes from a certain user when calling SecurityUtils.getSubject() even if each request is handled by a new thread? There must be somewhere an assignment between request/session and user. So, I would be interested in how this is done?

Regards,

Abid

> Afaik, every http request (until response) that comes in is handled by a
> single thread
>
> On Thursday, November 3, 2011, Abid Hussain <[hidden email]> wrote:
> > Thanks! So this means the subject is retrieved from the current
> thread...
> But this assumes that each user works in it's own thread. I wonder how (or
> if) this works in a web application or more general in applications where
> multiple users work on the same thread?
> >
> > Regards,
> >
> > Abid
> >
> >> It's all about your thread local request that keys in on the subject.
> >>
> >>
> >>
> >> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]>
> wrote:
> >>
> >> > Hi,
> >> >
> >> > posted this message in the forum already but somehow hasn't been
> posted
> >> to the mailing list.
> >> >
> >> > I'm new to Shiro and have a question about how
> >> SecurityUtils.getSubject() works.
> >> >
> >> > After reading the documentation it's said that one simply retrieves
> the
> >> current user (subject) by calling
> >> > SecurityUtils.getSubject()
> >> >
> >> > But in the context of multiple users concurrently using the
> application
> >> each with their own session how does SecurityUtils determine the
> >> relationship to the session? In this context I would rather expect
> something like
> >> > SecurityUtils.getSubject(session).
> >> >
> >> > Any hints are appreciated...
> >> >
> >> > Regards,
> >> >
> >> > Abid
> >> > --
> >> > Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
> >> > belohnen Sie mit bis zu 50,- Euro!
> https://freundschaftswerbung.gmx.de
> >> >
> >
> > --
> > NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
> > Jetzt informieren: http://www.gmx.net/de/go/freephone
> >

--
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
Jetzt informieren: http://www.gmx.net/de/go/freephone
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

lprimak
In reply to this post by hussain-dpag
It does work. Ts a combination of a session, request and thread local.



On Nov 3, 2011, at 9:11 AM, "Abid Hussain" <[hidden email]> wrote:

> Thanks! So this means the subject is retrieved from the current thread... But this assumes that each user works in it's own thread. I wonder how (or if) this works in a web application or more general in applications where multiple users work on the same thread?
>
> Regards,
>
> Abid
>
>> It's all about your thread local request that keys in on the subject.
>>
>>
>>
>> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]> wrote:
>>
>>> Hi,
>>>
>>> posted this message in the forum already but somehow hasn't been posted
>> to the mailing list.
>>>
>>> I'm new to Shiro and have a question about how
>> SecurityUtils.getSubject() works.
>>>
>>> After reading the documentation it's said that one simply retrieves the
>> current user (subject) by calling
>>> SecurityUtils.getSubject()
>>>
>>> But in the context of multiple users concurrently using the application
>> each with their own session how does SecurityUtils determine the
>> relationship to the session? In this context I would rather expect something like
>>> SecurityUtils.getSubject(session).
>>>
>>> Any hints are appreciated...
>>>
>>> Regards,
>>>
>>> Abid
>>> --
>>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>>> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>>>
>
> --
> NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!        
> Jetzt informieren: http://www.gmx.net/de/go/freephone
>
Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

thlim
Without going into the codes, I believe these filters are where the subject is set. At least this where I will begin to look for clues.

org.apache.shiro.web.servlet.AbstractShiroFilter
org.apache.shiro.web.servlet.IniShiroFilter



On Thu, Nov 3, 2011 at 11:24 PM, Lenny Primak <[hidden email]> wrote:
It does work. Ts a combination of a session, request and thread local.



On Nov 3, 2011, at 9:11 AM, "Abid Hussain" <[hidden email]> wrote:

> Thanks! So this means the subject is retrieved from the current thread... But this assumes that each user works in it's own thread. I wonder how (or if) this works in a web application or more general in applications where multiple users work on the same thread?
>
> Regards,
>
> Abid
>
>> It's all about your thread local request that keys in on the subject.
>>
>>
>>
>> On Nov 1, 2011, at 12:30 PM, "Abid Hussain" <[hidden email]> wrote:
>>
>>> Hi,
>>>
>>> posted this message in the forum already but somehow hasn't been posted
>> to the mailing list.
>>>
>>> I'm new to Shiro and have a question about how
>> SecurityUtils.getSubject() works.
>>>
>>> After reading the documentation it's said that one simply retrieves the
>> current user (subject) by calling
>>> SecurityUtils.getSubject()
>>>
>>> But in the context of multiple users concurrently using the application
>> each with their own session how does SecurityUtils determine the
>> relationship to the session? In this context I would rather expect something like
>>> SecurityUtils.getSubject(session).
>>>
>>> Any hints are appreciated...
>>>
>>> Regards,
>>>
>>> Abid
>>> --
>>> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
>>> belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
>>>
>
> --
> NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
> Jetzt informieren: http://www.gmx.net/de/go/freephone
>

Reply | Threaded
Open this post in threaded view
|

Re: Question about SecurityUtils.getSubject()

atomicknight
CONTENTS DELETED
The author has deleted this message.