You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Jared Bunting <ja...@peachjean.com> on 2012/05/09 18:16:03 UTC
Add key for PassThruAuthenticationFilter
I have no objections to that.
My policy for the keys in ShiroWebModule was to duplicate exactly the
enum values in DefaultFilter. (This is enforced by DefaultFiltersTest.)
So, I'm curious if there's a reason that PassThruAuthenticationFilter
wasn't added as a default filter originally?
-Jared
On Wed 09 May 2012 03:39:50 AM CDT, Alex opn wrote:
>
> It's a bit offtopic, sorry for that but I think it's not worth an own
> thread. I'm also using shiro with guice and realized that there's no
> built in Key for PassThruAuthenticationFilter.class. It's no big deal
> to add this in the extending shiro guice module but anyway it would be
> nice to have all Keys ready to use for the standard shiro filters
> available.
>
> On Tue, May 8, 2012 at 11:47 PM, Jared Bunting
> <jared.bunting@peachjean.com <ma...@peachjean.com>> wrote:
>
> Guess I wasn't fast enough. That looks correct to me. That would be
> equivalent to the following in shiro.ini:
>
> /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
>
> -Jared
>
> On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> > I think I figured it out.
> >
> > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> > AUTHC_BASIC, config(REST, "permission"));
> >
> > I just happened to be looking for that.
> >
> > Thanks,
> >
> > Warren Bell
> >
> > On 5/8/12 12:03 PM, Les Hazlewood wrote:
> >> I'm not a Guice user, so I can't answer that question - maybe
> Jared could
> >> help here (author of the Guice support).
> >>
> >> There is a com.google.inject.Key available for its class however as
> >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do
> with that
> >> though - but hopefully it gives you some ideas.
> >>
> >> Cheers,
> >>
> >> --
> >> Les Hazlewood
> >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> >> 888.391.5282
> >> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >> blog: http://leshazlewood.com
> >> stormpath blog:
> >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>
> >>
> >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell
> <warrenbell2@gmail.com <ma...@gmail.com>> wrote:
> >>
> >>> How would the url /rest/** = noSessionCreation,authcBasic look
> in the
> >>> ShiroWebModule ?
> >>>
> >>> Thanks,
> >>>
> >>> Warren Bell
> >>>
> >>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> >>>> Hi Will,
> >>>>
> >>>> I assume when you say 'auth' you mean AuthC, aka
> Authentication and not
> >>>> AuthZ, Authorization. If so, there isn't any current docs on
> it, but it
> >>> is
> >>>> super simple. Here is how you do it in shiro.ini (for
> example, assuming
> >>>> /rest/** endpoints are stateless):
> >>>>
> >>>>
> >>>> [urls]
> >>>> /rest/** = noSessionCreation,authcBasic
> >>>>
> >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone
> else further
> >>>> down the filter chain) won't create a new Http Session, enforcing
> >>>> statelessness. The authcBasic is a typical HTTP Basic
> Authentication
> >>>> filter that calls subject.login.
> >>>>
> >>>> HTH,
> >>>>
> >>>> --
> >>>> Les Hazlewood
> >>>> CTO, Stormpath | http://stormpath.com
> <http://www.stormpath.com/> |
> >>>> 888.391.5282
> >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >>>> blog: http://leshazlewood.com
> >>>> stormpath blog:
> >>>>
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>>>
> >>>>
> >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent
> <will.sargent@gmail.com <ma...@gmail.com>>
> >>> wrote:
> >>>>
> >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> >>>>>
> >>>>> Is there an example for how to use stateless auth in the
> shiro docs? I
> >>>>> was never quite sure about that.
> >>>>>
> >>>>> Will.
> >>>>>
> >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker
> <claire@stormpath.com <ma...@stormpath.com>
> >>>> wrote:
> >>>>>
> >>>>>> Hi All -
> >>>>>>
> >>>>>> There has been a lot of good Shiro action on GitHub
> recently, including
> >>>>>> some worthy, in-progress projects that could use some extra
> hands
> >>> (marked
> >>>>>> below with **).
> >>>>>>
> >>>>>> In case you want to jump in, I posted a roundup on the
> Stormpath blog:
> >>>>>>
> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> >>>>>>
> >>>>>> Included:
> >>>>>> -- Grails Integration
> >>>>>> -- Play/Shiro Integration**
> >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from
> Bubba**
> >>>>>> -- Shiro on Google App Engine
> >>>>>> -- OAuth for Shiro
> >>>>>> -- Lift Integration for Apache Shiro
> >>>>>> -- 55 Minutes Wicket
> >>>>>>
> >>>>>> Please let me know if I missed any!
> >>>>>> Claire
> >>>>>>
> >>>>>> --
> >>>>>> Claire Hunsaker
> >>>>>> VP Community and Marketing, Stormpath
> >>>>>> claire@stormpath.com <ma...@stormpath.com>
> >>>>>> www.stormpath.com <http://www.stormpath.com>
> >>>>>> Follow us: @goStormpath
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
>
>
>
Re: Add key for PassThruAuthenticationFilter
Posted by Les Hazlewood <lh...@apache.org>.
No reason really - I think it was an oversight. I think we should probably
add it to DefaultFilter.
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Wed, May 9, 2012 at 9:16 AM, Jared Bunting
<ja...@peachjean.com>wrote:
> I have no objections to that.
>
> My policy for the keys in ShiroWebModule was to duplicate exactly the
> enum values in DefaultFilter. (This is enforced by DefaultFiltersTest.)
>
> So, I'm curious if there's a reason that PassThruAuthenticationFilter
> wasn't added as a default filter originally?
>
> -Jared
>
> On Wed 09 May 2012 03:39:50 AM CDT, Alex opn wrote:
> >
> > It's a bit offtopic, sorry for that but I think it's not worth an own
> > thread. I'm also using shiro with guice and realized that there's no
> > built in Key for PassThruAuthenticationFilter.class. It's no big deal
> > to add this in the extending shiro guice module but anyway it would be
> > nice to have all Keys ready to use for the standard shiro filters
> > available.
> >
> > On Tue, May 8, 2012 at 11:47 PM, Jared Bunting
> > <jared.bunting@peachjean.com <ma...@peachjean.com>>
> wrote:
> >
> > Guess I wasn't fast enough. That looks correct to me. That would be
> > equivalent to the following in shiro.ini:
> >
> > /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
> >
> > -Jared
> >
> > On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> > > I think I figured it out.
> > >
> > > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> > > AUTHC_BASIC, config(REST, "permission"));
> > >
> > > I just happened to be looking for that.
> > >
> > > Thanks,
> > >
> > > Warren Bell
> > >
> > > On 5/8/12 12:03 PM, Les Hazlewood wrote:
> > >> I'm not a Guice user, so I can't answer that question - maybe
> > Jared could
> > >> help here (author of the Guice support).
> > >>
> > >> There is a com.google.inject.Key available for its class however as
> > >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do
> > with that
> > >> though - but hopefully it gives you some ideas.
> > >>
> > >> Cheers,
> > >>
> > >> --
> > >> Les Hazlewood
> > >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> > >> 888.391.5282
> > >> twitter: @lhazlewood | http://twitter.com/lhazlewood
> > >> blog: http://leshazlewood.com
> > >> stormpath blog:
> > >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> > >>
> > >>
> > >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell
> > <warrenbell2@gmail.com <ma...@gmail.com>> wrote:
> > >>
> > >>> How would the url /rest/** = noSessionCreation,authcBasic look
> > in the
> > >>> ShiroWebModule ?
> > >>>
> > >>> Thanks,
> > >>>
> > >>> Warren Bell
> > >>>
> > >>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> > >>>> Hi Will,
> > >>>>
> > >>>> I assume when you say 'auth' you mean AuthC, aka
> > Authentication and not
> > >>>> AuthZ, Authorization. If so, there isn't any current docs on
> > it, but it
> > >>> is
> > >>>> super simple. Here is how you do it in shiro.ini (for
> > example, assuming
> > >>>> /rest/** endpoints are stateless):
> > >>>>
> > >>>>
> > >>>> [urls]
> > >>>> /rest/** = noSessionCreation,authcBasic
> > >>>>
> > >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone
> > else further
> > >>>> down the filter chain) won't create a new Http Session, enforcing
> > >>>> statelessness. The authcBasic is a typical HTTP Basic
> > Authentication
> > >>>> filter that calls subject.login.
> > >>>>
> > >>>> HTH,
> > >>>>
> > >>>> --
> > >>>> Les Hazlewood
> > >>>> CTO, Stormpath | http://stormpath.com
> > <http://www.stormpath.com/> |
> > >>>> 888.391.5282
> > >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
> > >>>> blog: http://leshazlewood.com
> > >>>> stormpath blog:
> > >>>>
> > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> > >>>>
> > >>>>
> > >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent
> > <will.sargent@gmail.com <ma...@gmail.com>>
> > >>> wrote:
> > >>>>
> > >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> > >>>>>
> > >>>>> Is there an example for how to use stateless auth in the
> > shiro docs? I
> > >>>>> was never quite sure about that.
> > >>>>>
> > >>>>> Will.
> > >>>>>
> > >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker
> > <claire@stormpath.com <ma...@stormpath.com>
> > >>>> wrote:
> > >>>>>
> > >>>>>> Hi All -
> > >>>>>>
> > >>>>>> There has been a lot of good Shiro action on GitHub
> > recently, including
> > >>>>>> some worthy, in-progress projects that could use some extra
> > hands
> > >>> (marked
> > >>>>>> below with **).
> > >>>>>>
> > >>>>>> In case you want to jump in, I posted a roundup on the
> > Stormpath blog:
> > >>>>>>
> > http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> > >>>>>>
> > >>>>>> Included:
> > >>>>>> -- Grails Integration
> > >>>>>> -- Play/Shiro Integration**
> > >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from
> > Bubba**
> > >>>>>> -- Shiro on Google App Engine
> > >>>>>> -- OAuth for Shiro
> > >>>>>> -- Lift Integration for Apache Shiro
> > >>>>>> -- 55 Minutes Wicket
> > >>>>>>
> > >>>>>> Please let me know if I missed any!
> > >>>>>> Claire
> > >>>>>>
> > >>>>>> --
> > >>>>>> Claire Hunsaker
> > >>>>>> VP Community and Marketing, Stormpath
> > >>>>>> claire@stormpath.com <ma...@stormpath.com>
> > >>>>>> www.stormpath.com <http://www.stormpath.com>
> > >>>>>> Follow us: @goStormpath
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>
> >
> >
> >
>
>
>