Hello,
Could anyone please tell me about thread-safety considerations when using
Shiro?

In my specific case, I made a servlet filter which creates an instance of
my custom realm and an instance of DefaultSecurityManager with this realm.
This filter then authenticates requests which go through it; namely, it calls
the authenticate() method of the security manager. This is how it looks in code:
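
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.mgt.DefaultSecurityManager;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.realm.Realm;

    public class MyFilter implements Filter {

        // single instance, shared by every request thread passing through the filter
        private SecurityManager sm;

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            Realm r = new MyRealm(); // MyRealm extends AuthorizingRealm
            sm = new DefaultSecurityManager(r);
        }

        @Override
        public void doFilter(ServletRequest rawRequest, ServletResponse rawResponse,
                FilterChain chain) throws IOException, ServletException {
            // creating token here and other stuff
            AuthenticationInfo info = sm.authenticate(token);
            // no more calls to sm below
        }

        @Override
        public void destroy() {
        }
    }
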
My question is: should I protect the authenticate() call here with synchronization?
And does it depend on whether MyRealm is thread-safe or not? And a more
common question: should custom realms be thread-safe?

Best regards,
Dmitry.