diff --git a/pom.xml b/pom.xml
index 47aec33319e02ca3a19a2bf1c89014ba3fa5565b..2a0756fdfe87505ed5d20d4a5cf60be144205223 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 <dependency>
 <groupId>org.apache.shiro</groupId>
 <artifactId>shiro-core</artifactId>
- <version>1.5.3</version>
+ <version>1.8.0</version>
 </dependency>
 <dependency>
 <groupId>junit</groupId>
diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java
index 17bb1e500ed5aeffec25cf9aa2535150ceb40b4c..b445749d68fafaeac74cc398912769acd6841a8b 100644
--- a/src/main/java/org/caosdb/server/CaosDBServer.java
+++ b/src/main/java/org/caosdb/server/CaosDBServer.java
@@ -326,6 +326,8 @@ public class CaosDBServer extends Application {
 // ChecksumUpdater
 ChecksumUpdater.start();
+
+ ThreadContext.remove();
 }
 } else {
 logger.info("NO BACKEND");
@@ -566,9 +568,9 @@ public class CaosDBServer extends Application {
 setSessionCookies(response);
 } finally {
- // remove subject from this thread so that we can reuse the
- // thread.
- ThreadContext.unbindSubject();
+ // remove subject and all other session data from this thread so
+ // that we can reuse the thread.
+ ThreadContext.remove();
 }
 }
diff --git a/src/main/java/org/caosdb/server/jobs/Job.java b/src/main/java/org/caosdb/server/jobs/Job.java
index 2de6b08537d82504bb989a4cf661f89ff473e4c2..9bca9eb2e1b9a78e9e73a79b5f31161b345f2dc1 100644
--- a/src/main/java/org/caosdb/server/jobs/Job.java
+++ b/src/main/java/org/caosdb/server/jobs/Job.java
@@ -27,7 +27,7 @@ import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.Subject;
 import org.caosdb.server.CaosDBException;
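Review bot: The `ThreadContext.remove()` added after `ChecksumUpdater.start()` carries no comment, while the identical call in the request `finally` block of this same file explains why it is there; a one-line reason belongs here too. Be aware that `ThreadContext.remove()` clears every Shiro binding on the current thread, the SecurityManager as well as the Subject, so if the startup path only bound the SecurityManager per thread instead of installing it globally with `SecurityUtils.setSecurityManager(...)`, later `SecurityUtils` calls on this thread would fail — worth confirming, since that setup is not visible here. Suggest `// clear any Shiro Subject/SecurityManager bound to this thread during startup (presumably by the initialisation above) so it does not outlive it`. The enclosing method starts and ends outside the hunk.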
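Review bot: Replacing `ThreadContext.unbindSubject()` with `ThreadContext.remove()` in the `finally` block clears more than the old call did — it also unbinds the thread-local SecurityManager — and the rewritten comment does not say so. If the server relies on a per-thread `ThreadContext.bind(securityManager)` rather than a global `SecurityUtils.setSecurityManager(...)` (not visible in this hunk), the next request served by the reused thread would hit `UnavailableSecurityManagerException`; please confirm the global setter is used. Suggest making the comment explicit: `// remove subject, thread-bound security manager and all other session data from this thread so that we can reuse the thread.`. The enclosing request handler starts outside the hunk.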
@@ -301,10 +301,8 @@ public abstract class Job {
 }
 protected final void checkPermission(final EntityInterface entity, final Permission permission)
- throws Message {
- if (!entity.getEntityACL().isPermitted(SecurityUtils.getSubject(), permission)) {
- throw ServerMessages.AUTHORIZATION_ERROR;
- }
+ throws AuthorizationException {
+ entity.checkPermission(permission);
 }
 /**
diff --git a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
index 390deedde211c0931eca1c3677ac5ff9c8ee9d8f..112692c89a403366eb9eeb02d32355982a96a236 100644
--- a/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
+++ b/src/main/java/org/caosdb/server/jobs/core/CheckPropValid.java
@@ -25,6 +25,7 @@ package org.caosdb.server.jobs.core;
 import static org.caosdb.server.utils.ServerMessages.ENTITY_DOES_NOT_EXIST;
 import com.google.common.base.Objects;
+import org.apache.shiro.authz.AuthorizationException;
 import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
 import org.caosdb.server.database.exceptions.EntityWasNotUniqueException;
 import org.caosdb.server.entity.EntityInterface;
@@ -124,11 +125,14 @@ public class CheckPropValid extends EntityJob {
 }
 }
 }
 } catch (final Message m) {
- addError(property, m);
+ property.addError(m);
+ } catch (AuthorizationException e) {
+ property.addError(ServerMessages.AUTHORIZATION_ERROR);
+ property.addInfo(e.getMessage());
 } catch (final EntityDoesNotExistException e) {
- addError(property, ENTITY_DOES_NOT_EXIST);
+ property.addError(ENTITY_DOES_NOT_EXIST);
 } catch (final EntityWasNotUniqueException e) {
- addError(property, ServerMessages.ENTITY_NAME_DUPLICATES);
+ property.addError(ServerMessages.ENTITY_NAME_DUPLICATES);
 }
 }
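Review bot: `checkPermission` now throws the unchecked `AuthorizationException` instead of the checked `Message`, so any other job that wrapped this call in `catch (Message)` silently stops handling a denied permission and lets the exception escape to whatever generic handler sits above it; this diff adapts only CheckPropValid, so the remaining callers need to be checked. The method also lost any statement of which subject is checked — the old body used `SecurityUtils.getSubject()` explicitly, the new one delegates to `entity.checkPermission`, whose subject resolution is not visible here. Suggest a Javadoc on the method: `@throws AuthorizationException if the current subject is not permitted {@code permission} on {@code entity}; callers must catch it explicitly since it is unchecked`. The enclosing class `Job` continues outside the hunk.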
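Review bot: `property.addInfo(e.getMessage())` in the new `catch (AuthorizationException e)` copies the raw exception text into the entity that goes back to the client; Shiro authorization exception messages are composed by the throwing code and can name the subject, the permission string or ACL details, so confirm that whatever `entity.checkPermission` puts into the message is meant to be client-visible, or replace it with a fixed text. The new clause also declares `e` without `final`, unlike the neighbouring catch clauses, `} catch (final AuthorizationException e) {`. The enclosing method starts outside the hunk.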
@@ -147,11 +151,6 @@ public class CheckPropValid extends EntityJob {
 checkPermission(property, EntityPermission.USE_AS_PROPERTY);
 }
- private void addError(final EntityInterface property, final Message m) {
- property.addError(m);
- property.setEntityStatus(EntityStatus.UNQUALIFIED);
- }
 private static void deriveOverrideStatus(final Property child, final EntityInterface parent) {
 if (!Objects.equal(child.getName(), parent.getName())) {
 if (child.hasName()) {
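Review bot: Deleting the private `addError` helper drops the `property.setEntityStatus(EntityStatus.UNQUALIFIED)` it performed, and its replacements in the earlier hunk only call `property.addError(...)`, so a property that fails this check is no longer marked UNQUALIFIED by this job unless `EntityInterface.addError` sets that status itself, which is not visible here. If later jobs key off the UNQUALIFIED status to skip or reject the entity, a failed validation or permission check could now let the entity continue through the pipeline; please confirm `addError` sets the status, or restore `property.setEntityStatus(EntityStatus.UNQUALIFIED);` after each `addError` call. `deriveOverrideStatus` continues past the end of the hunk.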