You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Claire Hunsaker <cl...@stormpath.com> on 2012/05/03 03:35:58 UTC
New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Hi All -
There has been a lot of good Shiro action on GitHub recently, including
some worthy, in-progress projects that could use some extra hands (marked
below with **).
In case you want to jump in, I posted a roundup on the Stormpath blog:
http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
Included:
-- Grails Integration
-- Play/Shiro Integration**
-- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
-- Shiro on Google App Engine
-- OAuth for Shiro
-- Lift Integration for Apache Shiro
-- 55 Minutes Wicket
Please let me know if I missed any!
Claire
--
Claire Hunsaker
VP Community and Marketing, Stormpath
claire@stormpath.com
www.stormpath.com
Follow us: @goStormpath
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Les Hazlewood <lh...@apache.org>.
Hi Jerome,
It's appropriate :) Additionally, if you have GitHub projects that
use or modify Shiro and you'd like to share them, please let us know -
that's what the blog post was capturing.
Cheers,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog
On Thu, May 3, 2012 at 12:27 PM, jleleu <le...@gmail.com> wrote:
> Hi,
>
> I don't know if it's appropriate to say it on this thread, but as I saw
> "OAuth for Shiro", I'd like to mention that I propose a module to add OAuth
> client support for Shiro.
> The thread :
> http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-td7240738.html
> and the JIRA with doc and SVN patch :
> https://issues.apache.org/jira/browse/SHIRO-119.
>
> If people are interested in OAuth for Shiro...
>
> Best regards,
> Jérôme
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/New-Shiro-integrations-on-GitHub-Grails-Play-Oauth-and-more-tp7522078p7524906.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by jleleu <le...@gmail.com>.
Hi,
I don't know if it's appropriate to say it on this thread, but as I saw
"OAuth for Shiro", I'd like to mention that I propose a module to add OAuth
client support for Shiro.
The thread :
http://shiro-developer.582600.n2.nabble.com/Add-OAuth-support-for-Shiro-td7240738.html
and the JIRA with doc and SVN patch :
https://issues.apache.org/jira/browse/SHIRO-119.
If people are interested in OAuth for Shiro...
Best regards,
Jérôme
--
View this message in context: http://shiro-user.582556.n2.nabble.com/New-Shiro-integrations-on-GitHub-Grails-Play-Oauth-and-more-tp7522078p7524906.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Will Sargent <wi...@gmail.com>.
I'll see about updating the Play / Shiro project now 1.2 is out.
Will.
On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
> Hi All -
>
> There has been a lot of good Shiro action on GitHub recently, including
> some worthy, in-progress projects that could use some extra hands (marked
> below with **).
>
> In case you want to jump in, I posted a roundup on the Stormpath blog:
> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>
> Included:
> -- Grails Integration
> -- Play/Shiro Integration**
> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
> -- Shiro on Google App Engine
> -- OAuth for Shiro
> -- Lift Integration for Apache Shiro
> -- 55 Minutes Wicket
>
> Please let me know if I missed any!
> Claire
>
> --
> Claire Hunsaker
> VP Community and Marketing, Stormpath
> claire@stormpath.com
> www.stormpath.com
> Follow us: @goStormpath
>
>
>
>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Will Sargent <wi...@gmail.com>.
I realize it's been almost a year, but I don't think that using a
noSessionCreation filter will work in Play, because Play doesn't built on
top of the Servlet API -- requests are built from Netty, and are immutable
-- there's no such thing as attributes on the request, and no way to set
one.
What's the best way to specify a "noSessionCreation" effect directly,
without going through shiro-web?
Will.
On Tue, May 8, 2012 at 11:42 AM, Les Hazlewood <lh...@apache.org>wrote:
> Hi Will,
>
> I assume when you say 'auth' you mean AuthC, aka Authentication and not
> AuthZ, Authorization. If so, there isn't any current docs on it, but it is
> super simple. Here is how you do it in shiro.ini (for example, assuming
> /rest/** endpoints are stateless):
>
>
> [urls]
> /rest/** = noSessionCreation,authcBasic
>
> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
> down the filter chain) won't create a new Http Session, enforcing
> statelessness. The authcBasic is a typical HTTP Basic Authentication
> filter that calls subject.login.
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
>
> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>wrote:
>
>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>
>> Is there an example for how to use stateless auth in the shiro docs? I
>> was never quite sure about that.
>>
>> Will.
>>
>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
>>
>>> Hi All -
>>>
>>> There has been a lot of good Shiro action on GitHub recently, including
>>> some worthy, in-progress projects that could use some extra hands (marked
>>> below with **).
>>>
>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>
>>> Included:
>>> -- Grails Integration
>>> -- Play/Shiro Integration**
>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>> -- Shiro on Google App Engine
>>> -- OAuth for Shiro
>>> -- Lift Integration for Apache Shiro
>>> -- 55 Minutes Wicket
>>>
>>> Please let me know if I missed any!
>>> Claire
>>>
>>> --
>>> Claire Hunsaker
>>> VP Community and Marketing, Stormpath
>>> claire@stormpath.com
>>> www.stormpath.com
>>> Follow us: @goStormpath
>>>
>>>
>>>
>>>
>>>
>>
>
Re: Add key for PassThruAuthenticationFilter
Posted by Les Hazlewood <lh...@apache.org>.
No reason really - I think it was an oversight. I think we should probably
add it to DefaultFilter.
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Wed, May 9, 2012 at 9:16 AM, Jared Bunting
<ja...@peachjean.com>wrote:
> I have no objections to that.
>
> My policy for the keys in ShiroWebModule was to duplicate exactly the
> enum values in DefaultFilter. (This is enforced by DefaultFiltersTest.)
>
> So, I'm curious if there's a reason that PassThruAuthenticationFilter
> wasn't added as a default filter originally?
>
> -Jared
>
> On Wed 09 May 2012 03:39:50 AM CDT, Alex opn wrote:
> >
> > It's a bit offtopic, sorry for that but I think it's not worth an own
> > thread. I'm also using shiro with guice and realized that there's no
> > built in Key for PassThruAuthenticationFilter.class. It's no big deal
> > to add this in the extending shiro guice module but anyway it would be
> > nice to have all Keys ready to use for the standard shiro filters
> > available.
> >
> > On Tue, May 8, 2012 at 11:47 PM, Jared Bunting
> > <jared.bunting@peachjean.com <ma...@peachjean.com>>
> wrote:
> >
> > Guess I wasn't fast enough. That looks correct to me. That would be
> > equivalent to the following in shiro.ini:
> >
> > /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
> >
> > -Jared
> >
> > On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> > > I think I figured it out.
> > >
> > > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> > > AUTHC_BASIC, config(REST, "permission"));
> > >
> > > I just happened to be looking for that.
> > >
> > > Thanks,
> > >
> > > Warren Bell
> > >
> > > On 5/8/12 12:03 PM, Les Hazlewood wrote:
> > >> I'm not a Guice user, so I can't answer that question - maybe
> > Jared could
> > >> help here (author of the Guice support).
> > >>
> > >> There is a com.google.inject.Key available for its class however as
> > >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do
> > with that
> > >> though - but hopefully it gives you some ideas.
> > >>
> > >> Cheers,
> > >>
> > >> --
> > >> Les Hazlewood
> > >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> > >> 888.391.5282
> > >> twitter: @lhazlewood | http://twitter.com/lhazlewood
> > >> blog: http://leshazlewood.com
> > >> stormpath blog:
> > >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> > >>
> > >>
> > >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell
> > <warrenbell2@gmail.com <ma...@gmail.com>> wrote:
> > >>
> > >>> How would the url /rest/** = noSessionCreation,authcBasic look
> > in the
> > >>> ShiroWebModule ?
> > >>>
> > >>> Thanks,
> > >>>
> > >>> Warren Bell
> > >>>
> > >>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> > >>>> Hi Will,
> > >>>>
> > >>>> I assume when you say 'auth' you mean AuthC, aka
> > Authentication and not
> > >>>> AuthZ, Authorization. If so, there isn't any current docs on
> > it, but it
> > >>> is
> > >>>> super simple. Here is how you do it in shiro.ini (for
> > example, assuming
> > >>>> /rest/** endpoints are stateless):
> > >>>>
> > >>>>
> > >>>> [urls]
> > >>>> /rest/** = noSessionCreation,authcBasic
> > >>>>
> > >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone
> > else further
> > >>>> down the filter chain) won't create a new Http Session, enforcing
> > >>>> statelessness. The authcBasic is a typical HTTP Basic
> > Authentication
> > >>>> filter that calls subject.login.
> > >>>>
> > >>>> HTH,
> > >>>>
> > >>>> --
> > >>>> Les Hazlewood
> > >>>> CTO, Stormpath | http://stormpath.com
> > <http://www.stormpath.com/> |
> > >>>> 888.391.5282
> > >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
> > >>>> blog: http://leshazlewood.com
> > >>>> stormpath blog:
> > >>>>
> > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> > >>>>
> > >>>>
> > >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent
> > <will.sargent@gmail.com <ma...@gmail.com>>
> > >>> wrote:
> > >>>>
> > >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> > >>>>>
> > >>>>> Is there an example for how to use stateless auth in the
> > shiro docs? I
> > >>>>> was never quite sure about that.
> > >>>>>
> > >>>>> Will.
> > >>>>>
> > >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker
> > <claire@stormpath.com <ma...@stormpath.com>
> > >>>> wrote:
> > >>>>>
> > >>>>>> Hi All -
> > >>>>>>
> > >>>>>> There has been a lot of good Shiro action on GitHub
> > recently, including
> > >>>>>> some worthy, in-progress projects that could use some extra
> > hands
> > >>> (marked
> > >>>>>> below with **).
> > >>>>>>
> > >>>>>> In case you want to jump in, I posted a roundup on the
> > Stormpath blog:
> > >>>>>>
> > http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> > >>>>>>
> > >>>>>> Included:
> > >>>>>> -- Grails Integration
> > >>>>>> -- Play/Shiro Integration**
> > >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from
> > Bubba**
> > >>>>>> -- Shiro on Google App Engine
> > >>>>>> -- OAuth for Shiro
> > >>>>>> -- Lift Integration for Apache Shiro
> > >>>>>> -- 55 Minutes Wicket
> > >>>>>>
> > >>>>>> Please let me know if I missed any!
> > >>>>>> Claire
> > >>>>>>
> > >>>>>> --
> > >>>>>> Claire Hunsaker
> > >>>>>> VP Community and Marketing, Stormpath
> > >>>>>> claire@stormpath.com <ma...@stormpath.com>
> > >>>>>> www.stormpath.com <http://www.stormpath.com>
> > >>>>>> Follow us: @goStormpath
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>
> > >>>>
> > >>>
> > >>
> >
> >
> >
>
>
>
Add key for PassThruAuthenticationFilter
Posted by Jared Bunting <ja...@peachjean.com>.
I have no objections to that.
My policy for the keys in ShiroWebModule was to duplicate exactly the
enum values in DefaultFilter. (This is enforced by DefaultFiltersTest.)
So, I'm curious if there's a reason that PassThruAuthenticationFilter
wasn't added as a default filter originally?
-Jared
On Wed 09 May 2012 03:39:50 AM CDT, Alex opn wrote:
>
> It's a bit offtopic, sorry for that but I think it's not worth an own
> thread. I'm also using shiro with guice and realized that there's no
> built in Key for PassThruAuthenticationFilter.class. It's no big deal
> to add this in the extending shiro guice module but anyway it would be
> nice to have all Keys ready to use for the standard shiro filters
> available.
>
> On Tue, May 8, 2012 at 11:47 PM, Jared Bunting
> <jared.bunting@peachjean.com <ma...@peachjean.com>> wrote:
>
> Guess I wasn't fast enough. That looks correct to me. That would be
> equivalent to the following in shiro.ini:
>
> /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
>
> -Jared
>
> On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> > I think I figured it out.
> >
> > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> > AUTHC_BASIC, config(REST, "permission"));
> >
> > I just happened to be looking for that.
> >
> > Thanks,
> >
> > Warren Bell
> >
> > On 5/8/12 12:03 PM, Les Hazlewood wrote:
> >> I'm not a Guice user, so I can't answer that question - maybe
> Jared could
> >> help here (author of the Guice support).
> >>
> >> There is a com.google.inject.Key available for its class however as
> >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do
> with that
> >> though - but hopefully it gives you some ideas.
> >>
> >> Cheers,
> >>
> >> --
> >> Les Hazlewood
> >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> >> 888.391.5282
> >> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >> blog: http://leshazlewood.com
> >> stormpath blog:
> >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>
> >>
> >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell
> <warrenbell2@gmail.com <ma...@gmail.com>> wrote:
> >>
> >>> How would the url /rest/** = noSessionCreation,authcBasic look
> in the
> >>> ShiroWebModule ?
> >>>
> >>> Thanks,
> >>>
> >>> Warren Bell
> >>>
> >>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> >>>> Hi Will,
> >>>>
> >>>> I assume when you say 'auth' you mean AuthC, aka
> Authentication and not
> >>>> AuthZ, Authorization. If so, there isn't any current docs on
> it, but it
> >>> is
> >>>> super simple. Here is how you do it in shiro.ini (for
> example, assuming
> >>>> /rest/** endpoints are stateless):
> >>>>
> >>>>
> >>>> [urls]
> >>>> /rest/** = noSessionCreation,authcBasic
> >>>>
> >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone
> else further
> >>>> down the filter chain) won't create a new Http Session, enforcing
> >>>> statelessness. The authcBasic is a typical HTTP Basic
> Authentication
> >>>> filter that calls subject.login.
> >>>>
> >>>> HTH,
> >>>>
> >>>> --
> >>>> Les Hazlewood
> >>>> CTO, Stormpath | http://stormpath.com
> <http://www.stormpath.com/> |
> >>>> 888.391.5282
> >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >>>> blog: http://leshazlewood.com
> >>>> stormpath blog:
> >>>>
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>>>
> >>>>
> >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent
> <will.sargent@gmail.com <ma...@gmail.com>>
> >>> wrote:
> >>>>
> >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> >>>>>
> >>>>> Is there an example for how to use stateless auth in the
> shiro docs? I
> >>>>> was never quite sure about that.
> >>>>>
> >>>>> Will.
> >>>>>
> >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker
> <claire@stormpath.com <ma...@stormpath.com>
> >>>> wrote:
> >>>>>
> >>>>>> Hi All -
> >>>>>>
> >>>>>> There has been a lot of good Shiro action on GitHub
> recently, including
> >>>>>> some worthy, in-progress projects that could use some extra
> hands
> >>> (marked
> >>>>>> below with **).
> >>>>>>
> >>>>>> In case you want to jump in, I posted a roundup on the
> Stormpath blog:
> >>>>>>
> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> >>>>>>
> >>>>>> Included:
> >>>>>> -- Grails Integration
> >>>>>> -- Play/Shiro Integration**
> >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from
> Bubba**
> >>>>>> -- Shiro on Google App Engine
> >>>>>> -- OAuth for Shiro
> >>>>>> -- Lift Integration for Apache Shiro
> >>>>>> -- 55 Minutes Wicket
> >>>>>>
> >>>>>> Please let me know if I missed any!
> >>>>>> Claire
> >>>>>>
> >>>>>> --
> >>>>>> Claire Hunsaker
> >>>>>> VP Community and Marketing, Stormpath
> >>>>>> claire@stormpath.com <ma...@stormpath.com>
> >>>>>> www.stormpath.com <http://www.stormpath.com>
> >>>>>> Follow us: @goStormpath
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
>
>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Alex opn <op...@googlemail.com>.
It's a bit offtopic, sorry for that but I think it's not worth an own
thread. I'm also using shiro with guice and realized that there's no built
in Key for PassThruAuthenticationFilter.class. It's no big deal to add this
in the extending shiro guice module but anyway it would be nice to have all
Keys ready to use for the standard shiro filters available.
On Tue, May 8, 2012 at 11:47 PM, Jared Bunting
<ja...@peachjean.com>wrote:
> Guess I wasn't fast enough. That looks correct to me. That would be
> equivalent to the following in shiro.ini:
>
> /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
>
> -Jared
>
> On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> > I think I figured it out.
> >
> > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> > AUTHC_BASIC, config(REST, "permission"));
> >
> > I just happened to be looking for that.
> >
> > Thanks,
> >
> > Warren Bell
> >
> > On 5/8/12 12:03 PM, Les Hazlewood wrote:
> >> I'm not a Guice user, so I can't answer that question - maybe Jared
> could
> >> help here (author of the Guice support).
> >>
> >> There is a com.google.inject.Key available for its class however as
> >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with
> that
> >> though - but hopefully it gives you some ideas.
> >>
> >> Cheers,
> >>
> >> --
> >> Les Hazlewood
> >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> >> 888.391.5282
> >> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >> blog: http://leshazlewood.com
> >> stormpath blog:
> >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>
> >>
> >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell <wa...@gmail.com>
> wrote:
> >>
> >>> How would the url /rest/** = noSessionCreation,authcBasic look in the
> >>> ShiroWebModule ?
> >>>
> >>> Thanks,
> >>>
> >>> Warren Bell
> >>>
> >>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> >>>> Hi Will,
> >>>>
> >>>> I assume when you say 'auth' you mean AuthC, aka Authentication and
> not
> >>>> AuthZ, Authorization. If so, there isn't any current docs on it, but
> it
> >>> is
> >>>> super simple. Here is how you do it in shiro.ini (for example,
> assuming
> >>>> /rest/** endpoints are stateless):
> >>>>
> >>>>
> >>>> [urls]
> >>>> /rest/** = noSessionCreation,authcBasic
> >>>>
> >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone else
> further
> >>>> down the filter chain) won't create a new Http Session, enforcing
> >>>> statelessness. The authcBasic is a typical HTTP Basic Authentication
> >>>> filter that calls subject.login.
> >>>>
> >>>> HTH,
> >>>>
> >>>> --
> >>>> Les Hazlewood
> >>>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> >>>> 888.391.5282
> >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
> >>>> blog: http://leshazlewood.com
> >>>> stormpath blog:
> >>>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >>>>
> >>>>
> >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>
> >>> wrote:
> >>>>
> >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> >>>>>
> >>>>> Is there an example for how to use stateless auth in the shiro docs?
> I
> >>>>> was never quite sure about that.
> >>>>>
> >>>>> Will.
> >>>>>
> >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <
> claire@stormpath.com
> >>>> wrote:
> >>>>>
> >>>>>> Hi All -
> >>>>>>
> >>>>>> There has been a lot of good Shiro action on GitHub recently,
> including
> >>>>>> some worthy, in-progress projects that could use some extra hands
> >>> (marked
> >>>>>> below with **).
> >>>>>>
> >>>>>> In case you want to jump in, I posted a roundup on the Stormpath
> blog:
> >>>>>>
> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> >>>>>>
> >>>>>> Included:
> >>>>>> -- Grails Integration
> >>>>>> -- Play/Shiro Integration**
> >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
> >>>>>> -- Shiro on Google App Engine
> >>>>>> -- OAuth for Shiro
> >>>>>> -- Lift Integration for Apache Shiro
> >>>>>> -- 55 Minutes Wicket
> >>>>>>
> >>>>>> Please let me know if I missed any!
> >>>>>> Claire
> >>>>>>
> >>>>>> --
> >>>>>> Claire Hunsaker
> >>>>>> VP Community and Marketing, Stormpath
> >>>>>> claire@stormpath.com
> >>>>>> www.stormpath.com
> >>>>>> Follow us: @goStormpath
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>
> >>
>
>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Jared Bunting <ja...@peachjean.com>.
Guess I wasn't fast enough. That looks correct to me. That would be
equivalent to the following in shiro.ini:
/pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
-Jared
On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> I think I figured it out.
>
> addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> AUTHC_BASIC, config(REST, "permission"));
>
> I just happened to be looking for that.
>
> Thanks,
>
> Warren Bell
>
> On 5/8/12 12:03 PM, Les Hazlewood wrote:
>> I'm not a Guice user, so I can't answer that question - maybe Jared could
>> help here (author of the Guice support).
>>
>> There is a com.google.inject.Key available for its class however as
>> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with that
>> though - but hopefully it gives you some ideas.
>>
>> Cheers,
>>
>> --
>> Les Hazlewood
>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>> 888.391.5282
>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>> blog: http://leshazlewood.com
>> stormpath blog:
>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>
>>
>> On Tue, May 8, 2012 at 11:56 AM, Warren Bell <wa...@gmail.com> wrote:
>>
>>> How would the url /rest/** = noSessionCreation,authcBasic look in the
>>> ShiroWebModule ?
>>>
>>> Thanks,
>>>
>>> Warren Bell
>>>
>>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
>>>> Hi Will,
>>>>
>>>> I assume when you say 'auth' you mean AuthC, aka Authentication and not
>>>> AuthZ, Authorization. If so, there isn't any current docs on it, but it
>>> is
>>>> super simple. Here is how you do it in shiro.ini (for example, assuming
>>>> /rest/** endpoints are stateless):
>>>>
>>>>
>>>> [urls]
>>>> /rest/** = noSessionCreation,authcBasic
>>>>
>>>> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
>>>> down the filter chain) won't create a new Http Session, enforcing
>>>> statelessness. The authcBasic is a typical HTTP Basic Authentication
>>>> filter that calls subject.login.
>>>>
>>>> HTH,
>>>>
>>>> --
>>>> Les Hazlewood
>>>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>>>> 888.391.5282
>>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>>> blog: http://leshazlewood.com
>>>> stormpath blog:
>>>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>>>
>>>>
>>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>
>>> wrote:
>>>>
>>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>>>>
>>>>> Is there an example for how to use stateless auth in the shiro docs? I
>>>>> was never quite sure about that.
>>>>>
>>>>> Will.
>>>>>
>>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <claire@stormpath.com
>>>> wrote:
>>>>>
>>>>>> Hi All -
>>>>>>
>>>>>> There has been a lot of good Shiro action on GitHub recently, including
>>>>>> some worthy, in-progress projects that could use some extra hands
>>> (marked
>>>>>> below with **).
>>>>>>
>>>>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>>>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>>>>
>>>>>> Included:
>>>>>> -- Grails Integration
>>>>>> -- Play/Shiro Integration**
>>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>>>>> -- Shiro on Google App Engine
>>>>>> -- OAuth for Shiro
>>>>>> -- Lift Integration for Apache Shiro
>>>>>> -- 55 Minutes Wicket
>>>>>>
>>>>>> Please let me know if I missed any!
>>>>>> Claire
>>>>>>
>>>>>> --
>>>>>> Claire Hunsaker
>>>>>> VP Community and Marketing, Stormpath
>>>>>> claire@stormpath.com
>>>>>> www.stormpath.com
>>>>>> Follow us: @goStormpath
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Warren Bell <wa...@gmail.com>.
I think I figured it out.
addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
AUTHC_BASIC, config(REST, "permission"));
I just happened to be looking for that.
Thanks,
Warren Bell
On 5/8/12 12:03 PM, Les Hazlewood wrote:
> I'm not a Guice user, so I can't answer that question - maybe Jared could
> help here (author of the Guice support).
>
> There is a com.google.inject.Key available for its class however as
> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with that
> though - but hopefully it gives you some ideas.
>
> Cheers,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog:
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
>
> On Tue, May 8, 2012 at 11:56 AM, Warren Bell <wa...@gmail.com> wrote:
>
>> How would the url /rest/** = noSessionCreation,authcBasic look in the
>> ShiroWebModule ?
>>
>> Thanks,
>>
>> Warren Bell
>>
>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
>>> Hi Will,
>>>
>>> I assume when you say 'auth' you mean AuthC, aka Authentication and not
>>> AuthZ, Authorization. If so, there isn't any current docs on it, but it
>> is
>>> super simple. Here is how you do it in shiro.ini (for example, assuming
>>> /rest/** endpoints are stateless):
>>>
>>>
>>> [urls]
>>> /rest/** = noSessionCreation,authcBasic
>>>
>>> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
>>> down the filter chain) won't create a new Http Session, enforcing
>>> statelessness. The authcBasic is a typical HTTP Basic Authentication
>>> filter that calls subject.login.
>>>
>>> HTH,
>>>
>>> --
>>> Les Hazlewood
>>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>>> 888.391.5282
>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>> blog: http://leshazlewood.com
>>> stormpath blog:
>>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>>
>>>
>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>
>> wrote:
>>>
>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>>>
>>>> Is there an example for how to use stateless auth in the shiro docs? I
>>>> was never quite sure about that.
>>>>
>>>> Will.
>>>>
>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <claire@stormpath.com
>>> wrote:
>>>>
>>>>> Hi All -
>>>>>
>>>>> There has been a lot of good Shiro action on GitHub recently, including
>>>>> some worthy, in-progress projects that could use some extra hands
>> (marked
>>>>> below with **).
>>>>>
>>>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>>>
>>>>> Included:
>>>>> -- Grails Integration
>>>>> -- Play/Shiro Integration**
>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>>>> -- Shiro on Google App Engine
>>>>> -- OAuth for Shiro
>>>>> -- Lift Integration for Apache Shiro
>>>>> -- 55 Minutes Wicket
>>>>>
>>>>> Please let me know if I missed any!
>>>>> Claire
>>>>>
>>>>> --
>>>>> Claire Hunsaker
>>>>> VP Community and Marketing, Stormpath
>>>>> claire@stormpath.com
>>>>> www.stormpath.com
>>>>> Follow us: @goStormpath
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Les Hazlewood <lh...@apache.org>.
I'm not a Guice user, so I can't answer that question - maybe Jared could
help here (author of the Guice support).
There is a com.google.inject.Key available for its class however as
ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with that
though - but hopefully it gives you some ideas.
Cheers,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Tue, May 8, 2012 at 11:56 AM, Warren Bell <wa...@gmail.com> wrote:
> How would the url /rest/** = noSessionCreation,authcBasic look in the
> ShiroWebModule ?
>
> Thanks,
>
> Warren Bell
>
> On 5/8/12 11:42 AM, Les Hazlewood wrote:
> > Hi Will,
> >
> > I assume when you say 'auth' you mean AuthC, aka Authentication and not
> > AuthZ, Authorization. If so, there isn't any current docs on it, but it
> is
> > super simple. Here is how you do it in shiro.ini (for example, assuming
> > /rest/** endpoints are stateless):
> >
> >
> > [urls]
> > /rest/** = noSessionCreation,authcBasic
> >
> > The 'noSessionCreation' filter ensures that Shiro (or anyone else further
> > down the filter chain) won't create a new Http Session, enforcing
> > statelessness. The authcBasic is a typical HTTP Basic Authentication
> > filter that calls subject.login.
> >
> > HTH,
> >
> > --
> > Les Hazlewood
> > CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> > 888.391.5282
> > twitter: @lhazlewood | http://twitter.com/lhazlewood
> > blog: http://leshazlewood.com
> > stormpath blog:
> > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
> >
> >
> > On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>
> wrote:
> >
> >> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
> >>
> >> Is there an example for how to use stateless auth in the shiro docs? I
> >> was never quite sure about that.
> >>
> >> Will.
> >>
> >> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <claire@stormpath.com
> >wrote:
> >>
> >>> Hi All -
> >>>
> >>> There has been a lot of good Shiro action on GitHub recently, including
> >>> some worthy, in-progress projects that could use some extra hands
> (marked
> >>> below with **).
> >>>
> >>> In case you want to jump in, I posted a roundup on the Stormpath blog:
> >>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
> >>>
> >>> Included:
> >>> -- Grails Integration
> >>> -- Play/Shiro Integration**
> >>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
> >>> -- Shiro on Google App Engine
> >>> -- OAuth for Shiro
> >>> -- Lift Integration for Apache Shiro
> >>> -- 55 Minutes Wicket
> >>>
> >>> Please let me know if I missed any!
> >>> Claire
> >>>
> >>> --
> >>> Claire Hunsaker
> >>> VP Community and Marketing, Stormpath
> >>> claire@stormpath.com
> >>> www.stormpath.com
> >>> Follow us: @goStormpath
> >>>
> >>>
> >>>
> >>>
> >>>
> >>
> >
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Warren Bell <wa...@gmail.com>.
How would the url /rest/** = noSessionCreation,authcBasic look in the
ShiroWebModule ?
Thanks,
Warren Bell
On 5/8/12 11:42 AM, Les Hazlewood wrote:
> Hi Will,
>
> I assume when you say 'auth' you mean AuthC, aka Authentication and not
> AuthZ, Authorization. If so, there isn't any current docs on it, but it is
> super simple. Here is how you do it in shiro.ini (for example, assuming
> /rest/** endpoints are stateless):
>
>
> [urls]
> /rest/** = noSessionCreation,authcBasic
>
> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
> down the filter chain) won't create a new Http Session, enforcing
> statelessness. The authcBasic is a typical HTTP Basic Authentication
> filter that calls subject.login.
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog:
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
>
> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com> wrote:
>
>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>
>> Is there an example for how to use stateless auth in the shiro docs? I
>> was never quite sure about that.
>>
>> Will.
>>
>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
>>
>>> Hi All -
>>>
>>> There has been a lot of good Shiro action on GitHub recently, including
>>> some worthy, in-progress projects that could use some extra hands (marked
>>> below with **).
>>>
>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>
>>> Included:
>>> -- Grails Integration
>>> -- Play/Shiro Integration**
>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>> -- Shiro on Google App Engine
>>> -- OAuth for Shiro
>>> -- Lift Integration for Apache Shiro
>>> -- 55 Minutes Wicket
>>>
>>> Please let me know if I missed any!
>>> Claire
>>>
>>> --
>>> Claire Hunsaker
>>> VP Community and Marketing, Stormpath
>>> claire@stormpath.com
>>> www.stormpath.com
>>> Follow us: @goStormpath
>>>
>>>
>>>
>>>
>>>
>>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Les Hazlewood <lh...@apache.org>.
P.S. In a stateless scenario (like REST), you might also wish to enable
Authentication Caching for the realm(s) consulted during an authentication
attempt, e.g.:
[main]
myRealm.authenticationCachingEnabled = true
This ensures that authentication attempts for frequently authenticating
accounts (as would be the case with a REST client that authenticates on
every request) remain fast without needing to 'hit' the backing datastore
every time. Only enable this if it is 'safe' to do so however, as
documented here:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
These two things (authentication caching + noSessionCreation filter) are
used for stateless authc.
HTH,
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Tue, May 8, 2012 at 11:42 AM, Les Hazlewood <lh...@apache.org>wrote:
> Hi Will,
>
> I assume when you say 'auth' you mean AuthC, aka Authentication and not
> AuthZ, Authorization. If so, there isn't any current docs on it, but it is
> super simple. Here is how you do it in shiro.ini (for example, assuming
> /rest/** endpoints are stateless):
>
>
> [urls]
> /rest/** = noSessionCreation,authcBasic
>
> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
> down the filter chain) won't create a new Http Session, enforcing
> statelessness. The authcBasic is a typical HTTP Basic Authentication
> filter that calls subject.login.
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
>
> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com>wrote:
>
>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>
>> Is there an example for how to use stateless auth in the shiro docs? I
>> was never quite sure about that.
>>
>> Will.
>>
>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
>>
>>> Hi All -
>>>
>>> There has been a lot of good Shiro action on GitHub recently, including
>>> some worthy, in-progress projects that could use some extra hands (marked
>>> below with **).
>>>
>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>
>>> Included:
>>> -- Grails Integration
>>> -- Play/Shiro Integration**
>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>> -- Shiro on Google App Engine
>>> -- OAuth for Shiro
>>> -- Lift Integration for Apache Shiro
>>> -- 55 Minutes Wicket
>>>
>>> Please let me know if I missed any!
>>> Claire
>>>
>>> --
>>> Claire Hunsaker
>>> VP Community and Marketing, Stormpath
>>> claire@stormpath.com
>>> www.stormpath.com
>>> Follow us: @goStormpath
>>>
>>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Les Hazlewood <lh...@apache.org>.
Hi Will,
I assume when you say 'auth' you mean AuthC, aka Authentication and not
AuthZ, Authorization. If so, there isn't any current docs on it, but it is
super simple. Here is how you do it in shiro.ini (for example, assuming
/rest/** endpoints are stateless):
[urls]
/rest/** = noSessionCreation,authcBasic
The 'noSessionCreation' filter ensures that Shiro (or anyone else further
down the filter chain) won't create a new Http Session, enforcing
statelessness. The authcBasic is a typical HTTP Basic Authentication
filter that calls subject.login.
HTH,
--
Les Hazlewood
CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog:
http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
On Tue, May 8, 2012 at 2:23 AM, Will Sargent <wi...@gmail.com> wrote:
> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>
> Is there an example for how to use stateless auth in the shiro docs? I
> was never quite sure about that.
>
> Will.
>
> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
>
>> Hi All -
>>
>> There has been a lot of good Shiro action on GitHub recently, including
>> some worthy, in-progress projects that could use some extra hands (marked
>> below with **).
>>
>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>
>> Included:
>> -- Grails Integration
>> -- Play/Shiro Integration**
>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>> -- Shiro on Google App Engine
>> -- OAuth for Shiro
>> -- Lift Integration for Apache Shiro
>> -- 55 Minutes Wicket
>>
>> Please let me know if I missed any!
>> Claire
>>
>> --
>> Claire Hunsaker
>> VP Community and Marketing, Stormpath
>> claire@stormpath.com
>> www.stormpath.com
>> Follow us: @goStormpath
>>
>>
>>
>>
>>
>
Re: New Shiro integrations on GitHub: Grails, Play, Oauth, and more
Posted by Will Sargent <wi...@gmail.com>.
I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
Is there an example for how to use stateless auth in the shiro docs? I was
never quite sure about that.
Will.
On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <cl...@stormpath.com>wrote:
> Hi All -
>
> There has been a lot of good Shiro action on GitHub recently, including
> some worthy, in-progress projects that could use some extra hands (marked
> below with **).
>
> In case you want to jump in, I posted a roundup on the Stormpath blog:
> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>
> Included:
> -- Grails Integration
> -- Play/Shiro Integration**
> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
> -- Shiro on Google App Engine
> -- OAuth for Shiro
> -- Lift Integration for Apache Shiro
> -- 55 Minutes Wicket
>
> Please let me know if I missed any!
> Claire
>
> --
> Claire Hunsaker
> VP Community and Marketing, Stormpath
> claire@stormpath.com
> www.stormpath.com
> Follow us: @goStormpath
>
>
>
>
>