Shiro No SecurityManager accessible to the calling code

I am trying to integrate Spring Boot and Shiro. When I tried to call SecurityUtils.getSubject() in one of my controllers, an exception occurred: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.

I just followed some tutorials and docs to configure Shiro and here is my ShiroConfig class:

@Configuration public class ShiroConfig { @Bean public Realm realm() { return new UserRealm(); } @Bean public HashedCredentialsMatcher hashedCredentialsMatcher() { HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName(PasswordEncoder.getALGORITHM()); hashedCredentialsMatcher.setHashIterations(PasswordEncoder.getITERATION()); return hashedCredentialsMatcher; } @Bean public UserRealm shiroRealm() { UserRealm userRealm = new UserRealm(); userRealm.setCredentialsMatcher(hashedCredentialsMatcher()); return userRealm; } @Bean public SessionsSecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); securityManager.setRealm(shiroRealm()); return securityManager; } @Bean public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator(); defaultAdvisorAutoProxyCreator.setUsePrefix(true); return defaultAdvisorAutoProxyCreator; } @Bean public ShiroFilterChainDefinition shiroFilterChainDefinition() { DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition(); definition.addPathDefinition("/login", "anon"); definition.addPathDefinition("/register", "anon"); definition.addPathDefinition("/api/**", "user"); return definition; } } 

And this is the code which caused exception:

 @PostMapping("/login") @ResponseBody public Object login(@RequestParam("username") String username, @RequestParam("password") String password) { if (username.equals("") || password.equals("")) { return "please provide complete information"; } UsernamePasswordToken token = new UsernamePasswordToken(username, password); Subject subject = SecurityUtils.getSubject(); // this line caused exception ... } 

I am very confused about this exception. Could anyone help?

EDIT I am using Spring Boot 2.1.6.RELEASE and shiro-spring-boot-starter 1.4.0.

3

1 Answer

Are you using the shiro-spring-boot-web-starter dependency instead of the shiro-spring-boot-starter dependency?

It looks like that is required for spring boot web applications according to this doc.

0

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like