Posted to dev@shiro.apache.org by "Jan Stamer (JIRA)" <ji...@apache.org> on 2012/10/26 15:43:12 UTC

[jira] [Created] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Jan Stamer created SHIRO-392:
--------------------------------

             Summary: Shiro Extension for JAX-RS Implementation Sun Jersey
                 Key: SHIRO-392
                 URL: https://issues.apache.org/jira/browse/SHIRO-392
             Project: Shiro
          Issue Type: Improvement
            Reporter: Jan Stamer


We've added an extension to Shiro which enables Shiro annotations in the JAX-RS implementation Sun Jersey.
You can do the following with it:

@Path("/changelog")
@RequiresPermissions("repository:read")
public class ChangelogResourceImpl {

   @POST
   @Consumes(MediaType.APPLICATION_JSON)
   @Path("/addObject")
   @Override
   @RequiresPermissions("repository:write")
   public Response addObject(ObjectJson objectJson) {
      someService.addObject(objectJson);
      return Response.ok().build();
   }

}

If the user is not authenticated, HTTP status code 401 is returned. If the user has insufficient privileges, status code 403 is returned.

Right now we've only added support for the annotation @RequiresPermissions. The other Shiro annotations could easily be added in the same fashion. Yet currently that's the only one we need.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497424#comment-13497424 ] 

Les Hazlewood commented on SHIRO-392:
-------------------------------------

Good point on the documentation - Buji is fairly new and was being vetted, so it wasn't fully materialized yet.  But it looks like it will be viable for the future.  

As for releases, each Buji module has its own version/lifecycle and can be released by whomever is maintaining it as they see fit.
                

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494150#comment-13494150 ] 

Les Hazlewood commented on SHIRO-392:
-------------------------------------

Hi Jan,

There is also the Buji project where this could reside in the meantime: https://github.com/bujiio

I created this as a 100% community owned and maintained project for things that may not be in Shiro proper.  Any objections to moving the Jersey integration there until we can decide if it should live in Shiro's core?
                

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Jan Stamer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494207#comment-13494207 ] 

Jan Stamer commented on SHIRO-392:
----------------------------------

Sure, that sounds good. It would be nice to add a link to that project in the documentation so people find it. And how about releases? We have our own release builds internally, but it would be nice to put that stuff in a public Maven repo.
                

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Jan Stamer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13490594#comment-13490594 ] 

Jan Stamer commented on SHIRO-392:
----------------------------------

Added an implementation on GitHub: https://github.com/PE-INTERNATIONAL/shiro-jersey
                

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13485487#comment-13485487 ] 

Les Hazlewood commented on SHIRO-392:
-------------------------------------

Wow, this is cool!  Thanks for sharing!
                

[jira] [Commented] (SHIRO-392) Shiro Extension for JAX-RS Implementation Sun Jersey

Posted by "Jan Stamer (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484921#comment-13484921 ] 

Jan Stamer commented on SHIRO-392:
----------------------------------

Here's a quick preview of the classes needed:
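import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.shiro.authz.annotation.RequiresPermissions;

import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.ResourceFilter;
import com.sun.jersey.spi.container.ResourceFilterFactory;

public class PermissionsResourceFilterFactory implements ResourceFilterFactory {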

   @Override
   public List<ResourceFilter> create(final AbstractMethod method) {
      final RequiresPermissions methodPermissions = method.getAnnotation(RequiresPermissions.class);
      final RequiresPermissions resourcePermissions = method.getResource().getAnnotation(RequiresPermissions.class);

      // Combine permissions on both resource and method.
      String[] combinedPermissions = new String [] {};
      if (resourcePermissions != null) {
         combinedPermissions = concat(combinedPermissions, resourcePermissions.value());
      }
      if (methodPermissions != null) {
         combinedPermissions = concat(combinedPermissions, methodPermissions.value());
      }

      if (combinedPermissions.length > 0) {
         return Collections.<ResourceFilter>singletonList(createFilter(combinedPermissions));
      }

      return null;
   }

   protected ResourceFilter createFilter(final String[] allowedPermissions) {
      return new PermissionsFilter(allowedPermissions);
   }

   public static <T> T[] concat(T[] first, T[] second) {
      T[] result = Arrays.copyOf(first, first.length + second.length);
      System.arraycopy(second, 0, result, first.length, second.length);
      return result;
   }

}

And:
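import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

import org.apache.shiro.SecurityUtils;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;

public class PermissionsFilter implements ResourceFilter, ContainerRequestFilter {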
   
   /**
    * The permissions required to access a REST resource.
    */
   private final String[] requiredPermissions;

   public PermissionsFilter(final String... requiredPermissions) {
      this.requiredPermissions = requiredPermissions;
   }

   /**
    * If the user has sufficient permissions the request is executed. Otherwise
    * an exception is thrown which results in the HTTP status 403 (Forbidden).
    */
   public ContainerRequest filter(final ContainerRequest request) {
      if (isPermitted()) {
         return request;
      }
      throw new WebApplicationException(Response.Status.FORBIDDEN);
   }
   
   /**
    * Checks if the current subject has all required permissions.
    */
   protected boolean isPermitted() {
      return SecurityUtils.getSubject().isPermittedAll(requiredPermissions); 
   }

   protected static boolean isPermitted(final String... requiredPermissions) {
      return SecurityUtils.getSubject().isPermittedAll(requiredPermissions);
   }
   
   public String[] getRequiredPermissions() {
      return requiredPermissions.clone();
   }
   
   public ContainerRequestFilter getRequestFilter() {
      return this;
   }
   
   public ContainerResponseFilter getResponseFilter() {
      return null;
   }
   
}
                

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
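
The issue text describes 401 for unauthenticated callers and 403 for insufficient privileges, while the PermissionsFilter as posted in the thread throws only 403. The following is an added example for Jersey 1.x, not code from the shiro-jersey project: a filter variant that makes both decisions itself and also honours the annotation's logical() attribute. The class name StatusAwarePermissionsFilter and the Basic challenge value are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import com.sun.jersey.spi.container.*;

// Hypothetical variant of the PermissionsFilter shown in the thread (added example).
public class StatusAwarePermissionsFilter implements ResourceFilter, ContainerRequestFilter {
   private final List<RequiresPermissions> rules = new ArrayList<RequiresPermissions>();

   // Takes the class-level and method-level annotations; either may be null.
   public StatusAwarePermissionsFilter(RequiresPermissions onResource, RequiresPermissions onMethod) {
      if (onResource != null) rules.add(onResource);
      if (onMethod != null) rules.add(onMethod);
   }

   public ContainerRequest filter(ContainerRequest request) {
      Subject subject = SecurityUtils.getSubject();
      // No principal means an anonymous caller: answer 401 with a challenge.
      if (subject.getPrincipal() == null) {
         throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
               .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"example\"").build()); // assumed scheme
      }
      // Known caller: both annotations must be satisfied, otherwise 403.
      for (RequiresPermissions rule : rules) {
         if (!satisfies(subject, rule)) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
         }
      }
      return request;
   }

   // Logical.AND requires every listed permission, Logical.OR any one of them.
   static boolean satisfies(Subject subject, RequiresPermissions rule) {
      if (rule.logical() == Logical.AND) {
         return subject.isPermittedAll(rule.value());
      }
      for (String permission : rule.value()) {
         if (subject.isPermitted(permission)) return true;
      }
      return false;
   }

   public ContainerRequestFilter getRequestFilter() { return this; }
   public ContainerResponseFilter getResponseFilter() { return null; }
}
```

A ResourceFilterFactory would construct it from method.getResource().getAnnotation(RequiresPermissions.class) and method.getAnnotation(RequiresPermissions.class), returning no filter when both are null.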