I'm using Spring with Shiro, and in my Spring project I have a decorator controller that displays a decorator page via sitemesh. The decorator page adds onto every page navigation links, like login and logout.
I want login and logout to appear based on whether someone is actually logged in or not, so I figured the way to do that was this:
@Controller
public class DecoratorController extends AbstractController{
@Override
@RequestMapping(value = "/decorator.htm")
protected ModelAndView handleRequestInternal(HttpServletRequest request,
HttpServletResponse response) throws Exception {
ModelAndView model = new ModelAndView("DecoratorPage");
Subject currentUser = SecurityUtils.getSubject();
if (currentUser.isAuthenticated())
model.addObject("login", "display: none;");
else
model.addObject("logout", "display: none;");
return model;
}
}
sitemesh.xml:
<sitemesh>
<mapping path="/*.htm" decorator="/decorator.htm"/>
</sitemesh>
However, this results in the error:
No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.
Why can't I use Shiro here but I can use it in other controllers?
Coworker discovered that the problem lies in the order that the beans are created. Definition of Shiro filter should appear before defining Sitemesh.