[jira] [Commented] (SHIRO-630) ModularRealmAuthorizer ignores JAX-RS proxied Realms

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (SHIRO-630) ModularRealmAuthorizer ignores JAX-RS proxied Realms

Francois Papon (Jira)

    [ https://issues.apache.org/jira/browse/SHIRO-630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17020632#comment-17020632 ]

Benjamin Marwell commented on SHIRO-630:

Hello [~lyonssp].


First of all, JAX-RS doesn't do dependency injection. It will only provide endpoints for rest based web APIs.

You are probably referring to CDI or its reference implementation WELD.

InstanceOf should work for injected proxies. Maybe your custom realm does not implement Authorizer? Can we see some code snippets and how you use injection?




> ModularRealmAuthorizer ignores JAX-RS proxied Realms
> ----------------------------------------------------
>                 Key: SHIRO-630
>                 URL: https://issues.apache.org/jira/browse/SHIRO-630
>             Project: Shiro
>          Issue Type: Bug
>         Environment: Jersey version 2.25
> Shiro version 1.2+
>            Reporter: Sean Lyons
>            Priority: Major
> I'm developing in a web environment that uses JAX-RS for dependency injection.  I'd like to inject my realms by proxy so that they can be injected in request scope into singleton parents.  However, the logic in ModularRealmAuthorizer#isPermitted(PrincipalCollection, Permission) does an `instanceof Authorizer` check that will fail for proxied, injected realms because they are of type `Proxy`.  This issue seems to appear in versions 1.2 and later.

This message was sent by Atlassian Jira