Skip to content

Commit 0b637c2

Browse files
committed
remove shiro
1 parent ef3193f commit 0b637c2

2 files changed

Lines changed: 12 additions & 4 deletions

File tree

extensions/session-testing-war/build.gradle

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,8 +26,6 @@ dependencies {
2626
api(platform(project(':boms:geode-all-bom')))
2727
implementation('jakarta.servlet:jakarta.servlet-api')
2828
implementation(project(':geode-deployment:geode-deployment-legacy'))
29-
// Include Shiro runtime in the test WAR so containers can load Shiro classes
30-
runtimeOnly 'org.apache.shiro:shiro-core:2.1.0'
3129
}
3230

3331
war {

geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@
1818
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_PEER_AUTHENTICATOR;
1919
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_SHIRO_INIT;
2020

21+
import java.lang.reflect.Method;
2122
import java.util.Properties;
2223

2324
import org.apache.commons.lang3.StringUtils;
@@ -88,9 +89,18 @@ public static SecurityService create(Properties securityProps,
8889

8990
private static boolean isShiroInUse() {
9091
// Don't import Shiro otherwise clients must include on classpath
92+
// Use reflective lookup without initializing the class and be defensive about
93+
// ClassNotFound/NoClassDef/Linkage errors which can occur when the webapp
94+
// classloader does not provide Shiro runtime. If any such error occurs,
95+
// treat Shiro as not in use to avoid hard failures during webapp startup.
9196
try {
92-
return null != Class.forName("org.apache.shiro.SecurityUtils").getMethod("getSecurityManager")
93-
.invoke(null);
97+
ClassLoader cl = Thread.currentThread().getContextClassLoader();
98+
Class<?> securityUtils = Class.forName("org.apache.shiro.SecurityUtils", false, cl);
99+
Method getSecurityManager = securityUtils.getMethod("getSecurityManager");
100+
Object sm = getSecurityManager.invoke(null);
101+
return sm != null;
102+
} catch (ClassNotFoundException | NoClassDefFoundError | LinkageError e) {
103+
return false;
94104
} catch (Exception e) {
95105
return false;
96106
}

0 commit comments

Comments
 (0)