6

I just added an ExecutionHandler to my server pipeline just before my main business logic handler as recommended in the documentation.

I am using Apache Shiro http://shiro.apache.org/ for security. It worked fine until I added the ExecutionHandler.

The issue:
Shiro's execution context is bound to the current thread in which you obtain the Subject object. So, if the Subject is obtained in the worker thread, but the business logic executes in a separate ExecutionHandler managed thread then the two execution contexts won't be connected as far as Shiro is concerned. Thus Shiro in the ExecutionHandler thread will fail to be aware that the Subject is in fact authenticated. So I'm getting Authentication errors.

It is possible to associate a given Subject with a Runnable before passing it to Executor.execute() so that the security context is maintained. See: http://shiro.apache.org/subject.html

Based on this I think need to find a way to associate the current Shiro Subject with the ExecutionHandler Runnable.

I'm still trying to fully understand the ExecutionHandler and OrderedMemoryAwareThreadPoolExecutor implementations.

Basically I need to call subject.associateWith(aRunnable) just before aRunnable is passed to Executor.execute(aRunnable).

Does anyone have thoughts on where/how I could hook Shiro into the mix?

Thanks, Matt

Matt Friedman
  • 1,535
  • 1
  • 17
  • 24
  • 2
    Would be interesting to see how you integrated shiro and Netty. If it is opensource, could you share the link? Maybe paste it as a github gist. – Abe May 14 '12 at 06:45

1 Answers1

14

Shiro can automate the thread handoffs for you.

You should be able to just use one of the SubjectAwareExecutor, SubjectAwareExecutorService, or SubjectAwareScheduledExecutorService implementations out of the box. You can wrap the actual ExecutorService that will execute the Runnables, and you're good. For example:

ExecutorService myExistingExecutorService = //get from somewhere
ExecutorService useThis = new SubjectAwareExecutorService(myExistingExecutorService);

You can 'inject' or configure the useThis instance anywhere in your application and the calling code doesn't ever need to know Shiro exists.

For example, an unaware component calling useThis.submit(someRandomRunnable) has no idea that Shiro is in use, but the Shiro Subject will still be retained across threads. Check out the respective JavaDoc pages for more.

halfer
  • 19,824
  • 17
  • 99
  • 186
Les Hazlewood
  • 18,480
  • 13
  • 68
  • 76
  • 1
    I've wired up the `SubjectAwareExecutorService` in my application context and everything works very well now. Many thanks for this. It's exactly what I was looking for. Cheers, Matt – Matt Friedman Mar 28 '12 at 14:21