Can't Use Shiro's Subject in Spring Decorator Controller

Question

I'm using Spring with Shiro, and in my Spring project I have a decorator controller that displays a decorator page via sitemesh. The decorator page adds onto every page navigation links, like login and logout.

I want login and logout to appear based on whether someone is actually logged in or not, so I figured the way to do that was this:

@Controller
public class DecoratorController extends AbstractController{

 @Override
 @RequestMapping(value = "/decorator.htm")
 protected ModelAndView handleRequestInternal(HttpServletRequest request,
    HttpServletResponse response) throws Exception {

    ModelAndView model = new ModelAndView("DecoratorPage");

    Subject currentUser = SecurityUtils.getSubject();

    if (currentUser.isAuthenticated())
        model.addObject("login", "display: none;");
    else
        model.addObject("logout", "display: none;");

    return model;
 }
}

sitemesh.xml:

<sitemesh>
  <mapping path="/*.htm" decorator="/decorator.htm"/>
</sitemesh>

However, this results in the error:

No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an invalid application configuration.

Why can't I use Shiro here but I can use it in other controllers?

Answer 1

Coworker discovered that the problem lies in the order that the beans are created. Definition of Shiro filter should appear before defining Sitemesh.