I would like to encapsulate Apache Shiro in a Servlet environment. I want to create MySecurityUtils and use Shiro SecurityUtils.getSubject in a static method. My question is whether this is a correct way to use SecurityUtils.getSubject method in a static method. Can this cause any problems in multithreaded servlet environment?
MySecurityUtils.java
import org.apache.shiro.subject.Subject;
import org.apache.shiro.SecurityUtils;
public class MySecurityUtils {
public static MyUser getUser() {
Subject currentUser = SecurityUtils.getSubject();
MyUser myUser = new MyUser(currentUser);
...
}
}
MyUser.java
public class MyUser {
// ... constructors
public boolean isPermitted(..) {subject.isPermitted(...)}
}
After feedback of Sotirios I changed my code as follows
public class SecurityHelper {
public static boolean isAuthenticated(){
Subject currentUser = SecurityUtils.getSubject();
return currentUser.isAuthenticated();
}
public static void checkPermission(String permissionCode){
Subject currentUser = SecurityUtils.getSubject();
currentUser.checkPermission(permissionCode);
}
public static void checkPermission(String... permissionCodes){
Subject currentUser = SecurityUtils.getSubject();
currentUser.checkPermissions(permissionCodes);
}
... and so on
I encapsulate all application logic in a Helper class.