You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by John Cladmore <ju...@lorrev.org> on 2008/11/04 23:13:10 UTC

How to use my own realm?

Hi all,

I am new to JSec.  I was messing with Spring Security before deciding to 
try JS.  Here is where I am stuck.  I have created a simple web app 
using the jsp pages from the web sample in the JS distribution.  I have 
successfully configured JS to use either Basic Auth or Form Auth 
filters.  I read that to use my own realm, I could set my own realm in 
the default security manager (which is the only implemented security 
manager and which is created by default).  So i did something like this:

    MyRealm myRealm = new MyRealm();
    DefaultWebSecurityManager dsm = new DefaultWebSecurityManager(myRealm);
    SecurityUtils.setSecurityManager(dsm);

MyRealm implements Realm, I have also tired extending one of the other 
realms.  I have even tried creating a default security manager and 
setting the realm.

None of my efforts have been successful so far.   So what exactly am I 
doing wrong or missing?

I have been able to get the login page and my servlet to handle the 
login form to invoke.  In my servlet i tried to do all of this and login 
(this is just testing stuff).

Please help.

Thanks.

.v

Re: How to use my own realm?

Posted by Jeremy Haile <jh...@fastmail.fm>.

Hey John,

Most users building webapps with JSecurity use the JSecurityFilter,  
which is easier than declaring the security manager yourself.  Check  
out web.xml in the quickstart app included in the sample app for an  
example.

If you are using Spring, you will want to declare the  
SpringJSecurityFilter.  Using this filter, if you want to use the  
default security manager, you can simply declare a Realm in spring and  
the filter will automatically use it.  If you want to configure the  
security manager manually, you can just drop the security manager in  
your Spring application context, and the SpringJSecurityFilter will  
automatically pick that up.

If you want to use the default JSecurityFilter without spring, you can  
specify a custom realm by adding a [main] section to your JSecurity  
config (either specified in web.xml or in jsecurity.ini) such as:
myRealm = com.mydomain.MyRealm

Hope this helps you get started.  Let me know if you run into any  
problems!

Jeremy

On Nov 4, 2008, at 5:13 PM, John Cladmore wrote:

> Hi all,
>
> I am new to JSec.  I was messing with Spring Security before  
> deciding to try JS.  Here is where I am stuck.  I have created a  
> simple web app using the jsp pages from the web sample in the JS  
> distribution.  I have successfully configured JS to use either Basic  
> Auth or Form Auth filters.  I read that to use my own realm, I could  
> set my own realm in the default security manager (which is the only  
> implemented security manager and which is created by default).  So i  
> did something like this:
>
>   MyRealm myRealm = new MyRealm();
>   DefaultWebSecurityManager dsm = new  
> DefaultWebSecurityManager(myRealm);
>   SecurityUtils.setSecurityManager(dsm);
>
> MyRealm implements Realm, I have also tired extending one of the  
> other realms.  I have even tried creating a default security manager  
> and setting the realm.
>
> None of my efforts have been successful so far.   So what exactly am  
> I doing wrong or missing?
>
> I have been able to get the login page and my servlet to handle the  
> login form to invoke.  In my servlet i tried to do all of this and  
> login (this is just testing stuff).
>
> Please help.
>
> Thanks.
>
> .v