You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Mark Engel <ma...@gmail.com> on 2011/03/03 06:58:54 UTC
use shiro with google guice
Hello,
i tried to use Apache Shiro with Google Guice in a Servlet, but the
Dependency Injection does not work.
When I try to access a function that is protected by shiro I get an
error about a wrong configuration
org.apache.shiro.UnavailableSecurityManagerException: No
SecurityManager accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton. This
is an invalid application configuration.
I created an example project which uses Apache Shiro, Google Guice and
Jersey to bootstrap an example rest api which you can find on github
(https://github.com/mren/java-rest-boilerplate)
Could you help me to get this application running with Shiro?
This project could be shown on the website as an example on how to use
Shiro with other IoC Containers thant Spring.
What is the cleanest way to use Shiro with Guice?
Re: use shiro with google guice
Posted by Brian Demers <br...@gmail.com>.
On Fri, Mar 4, 2011 at 7:16 AM, Mark Engel <ma...@gmail.com> wrote:
> Thanks for your response, Filipe.
>
> Unfortunately I did not get it to run.
> Do you still use a ini file? If yes, what did you put inside of it?
> Which class did you copy for ShiroAuthorizingMethodInterceptor? The
> nearest I could find was
> AopAllianceAnnotationsAuthorizingMethodInterceptor (which depends on
> some spring libs, but seems to be generic enough)
>
> When I start the server with this configuration
> (https://gist.github.com/6076864909ccb471b63a) I receive a
> NullPointerException (https://gist.github.com/0357b9fca707d905b1d6)
>
> Can you define your own Realm via Guice with this method?
>
> Tamas: In this project the only reference to Guice is in the
> GuiceServletConfig (and the web.xml) which is inherited from Guice.
> Which code fragment do you mean?
We (including Tamas in the we) do not use the GuiceServletConfig, we
use a the ini config shoved inside of our web.xml. Then we configure
the component programmatically (and push in the injected bits). Its a
pain, but it was a mostly smooth transition from jsecurity.
Personally I want to get rid of the ini in our web.xml and replace the
programmatic bits with IoC configured ones.
For example we have a custom WebSecurityManager just so we can
configure everything from the initialization methods.
>
> Mark
>
> On Thu, Mar 3, 2011 at 11:33 AM, Filipe Sousa <na...@gmail.com> wrote:
>> Hi,
>>
>> I needed to use the shiro in one application that already uses Guice
>> and as such I have implemented a solution that is not perfect, but it
>> works.
>>
>> I have a module called ShiroModule that intercepts the annotations.
>>
>> public class ShiroModule extends AbstractModule {
>> @Override
>> protected void configure() {
>> ShiroAuthorizingMethodInterceptor interceptor = new
>> ShiroAuthorizingMethodInterceptor();
>> bindInterceptor(any(), annotatedWith(RequiresRoles.class), interceptor);
>> bindInterceptor(any(),
>> annotatedWith(RequiresPermissions.class), interceptor);
>> bindInterceptor(any(),
>> annotatedWith(RequiresAuthentication.class), interceptor);
>> bindInterceptor(any(), annotatedWith(RequiresUser.class), interceptor);
>> bindInterceptor(any(), annotatedWith(RequiresGuest.class), interceptor);
>> }
>> }
>>
>> I believe I have copied the class ShiroAuthorizingMethodInterceptor
>> from shiro spring and removed two lines of code (spring dependencies)
>>
>> I also created a subclass of IniShiroFilter to inject the items
>> created from shiro.ini
>>
>> @Singleton
>> public class ShiroSecurityFilter extends IniShiroFilter {
>> private final Injector injector;
>>
>> @Inject
>> protected ShiroSecurityFilter(Injector injector) {
>> this.injector = injector;
>> }
>>
>> @Override
>> protected Map<String, ?> applySecurityManager(Ini ini) {
>> Map<String, ?> beans = super.applySecurityManager(ini);
>> for (Entry<String, ?> b : beans.entrySet())
>> injector.injectMembers(b.getValue());
>> return beans;
>> }
>> }
>>
>> And finally, in my ServletModule I 'm doing this:
>>
>> install(new ShiroModule());
>> filter("/*").through(ShiroSecurityFilter.class);
>>
>> This was the quickest solution I found without having to think too
>> much, but it is not the solution I want in the future. I'd like to get
>> rid of shiro.ini and use a solution based only on Guice.
>>
>> If anyone has better solutions, do please share them.
>>
>>
>> On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <ma...@gmail.com> wrote:
>>> Hello,
>>>
>>> i tried to use Apache Shiro with Google Guice in a Servlet, but the
>>> Dependency Injection does not work.
>>> When I try to access a function that is protected by shiro I get an
>>> error about a wrong configuration
>>>
>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>> SecurityManager accessible to the calling code, either bound to the
>>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
>>> is an invalid application configuration.
>>>
>>> I created an example project which uses Apache Shiro, Google Guice and
>>> Jersey to bootstrap an example rest api which you can find on github
>>> (https://github.com/mren/java-rest-boilerplate)
>>>
>>> Could you help me to get this application running with Shiro?
>>> This project could be shown on the website as an example on how to use
>>> Shiro with other IoC Containers thant Spring.
>>>
>>> What is the cleanest way to use Shiro with Guice?
>>>
>>
>>
>>
>> --
>> Filipe Sousa
>>
>
Re: use shiro with google guice
Posted by Mark Engel <ma...@gmail.com>.
i updated the project (https://github.com/mren/java-rest-boilerplate)
with an version that injects a SecurityManager with Guice and that is
independent of an config file.
Thanks to you, Filipe, for giving me help. I hope you can use this
code in your project, too.
For the SecureResource I want to use a session less authentication via
basic auth.
But it makes no difference whether I use
curl localhost:8080/secure or curl user:password@localhost:8080/secure
I always get a UnauthenticatedException: The current Subject is not
authenticated. Access denied.
I tried to change filter("/secure/**") to filter("/secure") but there
is no difference.
When I used the ini config to set up BasicHttpAuth I got a 401
Authorization Required when accessing the url at least.
How do I set up authentication with BasicHttpAuth? Does somebody know
this problem and can give me a hint?
Mark
Re: use shiro with google guice
Posted by Filipe Sousa <na...@gmail.com>.
And I am sending the email again as the the previous email didn't
follow directly to the list.
Hi
Yes, I'm still using the ini file (shiro.ini). The following is an
example of shiro.ini that I'm using in a recent project.
[main]
authc.loginUrl = /login.jsp
authGwt = pt.ipb.rad.server.shiro.GwtAuthenticatingFilter
ipbRealm = pt.ipb.rad.server.shiro.IpbRealm
ipbRealm.passwordCheck = false
ipbRealm.checkUserSqlStatement = SELECT 1 FROM users WHERE login=?
ipbRealm.findRolesSqlStatement = SELECT modulo FROM user_modulo WHERE login=?
[urls]
/favicon.ico = anon
# gwt
/rad/deferredjs/** = anon
/rad/gwt/** = anon
/rad/AuthService = anon
/rad/PublicacoesCientificasService = authGwt, roles[avaliacao]
/rad/ConferenciasCientificasService = authGwt, roles[avaliacao]
/rad/ComprovativoEdicaoPublicacaoServlet = authc, roles[avaliacao]
/** = authc
I have a custom realm that needs Guice to inject a DataSource
public class IpbRealm extends AuthorizingRealm {
@Inject
private DataSource ds;
...
}
For annoations, I copied the
org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor
class and changed the name to ShiroAuthorizingMethodInterceptor. In
the constructor,I changed the resolver from AnnotationResolver
resolver = new SpringAnnotationResolver(); to AnnotationResolver
resolver = new DefaultAnnotationResolver(); to not depend on Spring.
What is the code that is on line 23 where the exception occurs?
guice.ShiroSecurityFilter.applySecurityManager(ShiroSecurityFilter.java:23)
On Fri, Mar 4, 2011 at 12:16 PM, Mark Engel <ma...@gmail.com> wrote:
> Thanks for your response, Filipe.
>
> Unfortunately I did not get it to run.
> Do you still use a ini file? If yes, what did you put inside of it?
> Which class did you copy for ShiroAuthorizingMethodInterceptor? The
> nearest I could find was
> AopAllianceAnnotationsAuthorizingMethodInterceptor (which depends on
> some spring libs, but seems to be generic enough)
>
> When I start the server with this configuration
> (https://gist.github.com/6076864909ccb471b63a) I receive a
> NullPointerException (https://gist.github.com/0357b9fca707d905b1d6)
>
> Can you define your own Realm via Guice with this method?
>
> Tamas: In this project the only reference to Guice is in the
> GuiceServletConfig (and the web.xml) which is inherited from Guice.
> Which code fragment do you mean?
>
> Mark
>
> On Thu, Mar 3, 2011 at 11:33 AM, Filipe Sousa <na...@gmail.com> wrote:
>> Hi,
>>
>> I needed to use the shiro in one application that already uses Guice
>> and as such I have implemented a solution that is not perfect, but it
>> works.
>>
>> I have a module called ShiroModule that intercepts the annotations.
>>
>> public class ShiroModule extends AbstractModule {
>> @Override
>> protected void configure() {
>> ShiroAuthorizingMethodInterceptor interceptor = new
>> ShiroAuthorizingMethodInterceptor();
>> bindInterceptor(any(), annotatedWith(RequiresRoles.class), interceptor);
>> bindInterceptor(any(),
>> annotatedWith(RequiresPermissions.class), interceptor);
>> bindInterceptor(any(),
>> annotatedWith(RequiresAuthentication.class), interceptor);
>> bindInterceptor(any(), annotatedWith(RequiresUser.class), interceptor);
>> bindInterceptor(any(), annotatedWith(RequiresGuest.class), interceptor);
>> }
>> }
>>
>> I believe I have copied the class ShiroAuthorizingMethodInterceptor
>> from shiro spring and removed two lines of code (spring dependencies)
>>
>> I also created a subclass of IniShiroFilter to inject the items
>> created from shiro.ini
>>
>> @Singleton
>> public class ShiroSecurityFilter extends IniShiroFilter {
>> private final Injector injector;
>>
>> @Inject
>> protected ShiroSecurityFilter(Injector injector) {
>> this.injector = injector;
>> }
>>
>> @Override
>> protected Map<String, ?> applySecurityManager(Ini ini) {
>> Map<String, ?> beans = super.applySecurityManager(ini);
>> for (Entry<String, ?> b : beans.entrySet())
>> injector.injectMembers(b.getValue());
>> return beans;
>> }
>> }
>>
>> And finally, in my ServletModule I 'm doing this:
>>
>> install(new ShiroModule());
>> filter("/*").through(ShiroSecurityFilter.class);
>>
>> This was the quickest solution I found without having to think too
>> much, but it is not the solution I want in the future. I'd like to get
>> rid of shiro.ini and use a solution based only on Guice.
>>
>> If anyone has better solutions, do please share them.
>>
>>
>> On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <ma...@gmail.com> wrote:
>>> Hello,
>>>
>>> i tried to use Apache Shiro with Google Guice in a Servlet, but the
>>> Dependency Injection does not work.
>>> When I try to access a function that is protected by shiro I get an
>>> error about a wrong configuration
>>>
>>> org.apache.shiro.UnavailableSecurityManagerException: No
>>> SecurityManager accessible to the calling code, either bound to the
>>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
>>> is an invalid application configuration.
>>>
>>> I created an example project which uses Apache Shiro, Google Guice and
>>> Jersey to bootstrap an example rest api which you can find on github
>>> (https://github.com/mren/java-rest-boilerplate)
>>>
>>> Could you help me to get this application running with Shiro?
>>> This project could be shown on the website as an example on how to use
>>> Shiro with other IoC Containers thant Spring.
>>>
>>> What is the cleanest way to use Shiro with Guice?
>>>
>>
>>
>>
>> --
>> Filipe Sousa
>>
>
--
Filipe Sousa
Re: use shiro with google guice
Posted by Mark Engel <ma...@gmail.com>.
Thanks for your response, Filipe.
Unfortunately I did not get it to run.
Do you still use a ini file? If yes, what did you put inside of it?
Which class did you copy for ShiroAuthorizingMethodInterceptor? The
nearest I could find was
AopAllianceAnnotationsAuthorizingMethodInterceptor (which depends on
some spring libs, but seems to be generic enough)
When I start the server with this configuration
(https://gist.github.com/6076864909ccb471b63a) I receive a
NullPointerException (https://gist.github.com/0357b9fca707d905b1d6)
Can you define your own Realm via Guice with this method?
Tamas: In this project the only reference to Guice is in the
GuiceServletConfig (and the web.xml) which is inherited from Guice.
Which code fragment do you mean?
Mark
On Thu, Mar 3, 2011 at 11:33 AM, Filipe Sousa <na...@gmail.com> wrote:
> Hi,
>
> I needed to use the shiro in one application that already uses Guice
> and as such I have implemented a solution that is not perfect, but it
> works.
>
> I have a module called ShiroModule that intercepts the annotations.
>
> public class ShiroModule extends AbstractModule {
> @Override
> protected void configure() {
> ShiroAuthorizingMethodInterceptor interceptor = new
> ShiroAuthorizingMethodInterceptor();
> bindInterceptor(any(), annotatedWith(RequiresRoles.class), interceptor);
> bindInterceptor(any(),
> annotatedWith(RequiresPermissions.class), interceptor);
> bindInterceptor(any(),
> annotatedWith(RequiresAuthentication.class), interceptor);
> bindInterceptor(any(), annotatedWith(RequiresUser.class), interceptor);
> bindInterceptor(any(), annotatedWith(RequiresGuest.class), interceptor);
> }
> }
>
> I believe I have copied the class ShiroAuthorizingMethodInterceptor
> from shiro spring and removed two lines of code (spring dependencies)
>
> I also created a subclass of IniShiroFilter to inject the items
> created from shiro.ini
>
> @Singleton
> public class ShiroSecurityFilter extends IniShiroFilter {
> private final Injector injector;
>
> @Inject
> protected ShiroSecurityFilter(Injector injector) {
> this.injector = injector;
> }
>
> @Override
> protected Map<String, ?> applySecurityManager(Ini ini) {
> Map<String, ?> beans = super.applySecurityManager(ini);
> for (Entry<String, ?> b : beans.entrySet())
> injector.injectMembers(b.getValue());
> return beans;
> }
> }
>
> And finally, in my ServletModule I 'm doing this:
>
> install(new ShiroModule());
> filter("/*").through(ShiroSecurityFilter.class);
>
> This was the quickest solution I found without having to think too
> much, but it is not the solution I want in the future. I'd like to get
> rid of shiro.ini and use a solution based only on Guice.
>
> If anyone has better solutions, do please share them.
>
>
> On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <ma...@gmail.com> wrote:
>> Hello,
>>
>> i tried to use Apache Shiro with Google Guice in a Servlet, but the
>> Dependency Injection does not work.
>> When I try to access a function that is protected by shiro I get an
>> error about a wrong configuration
>>
>> org.apache.shiro.UnavailableSecurityManagerException: No
>> SecurityManager accessible to the calling code, either bound to the
>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
>> is an invalid application configuration.
>>
>> I created an example project which uses Apache Shiro, Google Guice and
>> Jersey to bootstrap an example rest api which you can find on github
>> (https://github.com/mren/java-rest-boilerplate)
>>
>> Could you help me to get this application running with Shiro?
>> This project could be shown on the website as an example on how to use
>> Shiro with other IoC Containers thant Spring.
>>
>> What is the cleanest way to use Shiro with Guice?
>>
>
>
>
> --
> Filipe Sousa
>
Re: use shiro with google guice
Posted by Filipe Sousa <na...@gmail.com>.
Hi,
I needed to use the shiro in one application that already uses Guice
and as such I have implemented a solution that is not perfect, but it
works.
I have a module called ShiroModule that intercepts the annotations.
public class ShiroModule extends AbstractModule {
@Override
protected void configure() {
ShiroAuthorizingMethodInterceptor interceptor = new
ShiroAuthorizingMethodInterceptor();
bindInterceptor(any(), annotatedWith(RequiresRoles.class), interceptor);
bindInterceptor(any(),
annotatedWith(RequiresPermissions.class), interceptor);
bindInterceptor(any(),
annotatedWith(RequiresAuthentication.class), interceptor);
bindInterceptor(any(), annotatedWith(RequiresUser.class), interceptor);
bindInterceptor(any(), annotatedWith(RequiresGuest.class), interceptor);
}
}
I believe I have copied the class ShiroAuthorizingMethodInterceptor
from shiro spring and removed two lines of code (spring dependencies)
I also created a subclass of IniShiroFilter to inject the items
created from shiro.ini
@Singleton
public class ShiroSecurityFilter extends IniShiroFilter {
private final Injector injector;
@Inject
protected ShiroSecurityFilter(Injector injector) {
this.injector = injector;
}
@Override
protected Map<String, ?> applySecurityManager(Ini ini) {
Map<String, ?> beans = super.applySecurityManager(ini);
for (Entry<String, ?> b : beans.entrySet())
injector.injectMembers(b.getValue());
return beans;
}
}
And finally, in my ServletModule I 'm doing this:
install(new ShiroModule());
filter("/*").through(ShiroSecurityFilter.class);
This was the quickest solution I found without having to think too
much, but it is not the solution I want in the future. I'd like to get
rid of shiro.ini and use a solution based only on Guice.
If anyone has better solutions, do please share them.
On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <ma...@gmail.com> wrote:
> Hello,
>
> i tried to use Apache Shiro with Google Guice in a Servlet, but the
> Dependency Injection does not work.
> When I try to access a function that is protected by shiro I get an
> error about a wrong configuration
>
> org.apache.shiro.UnavailableSecurityManagerException: No
> SecurityManager accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
> is an invalid application configuration.
>
> I created an example project which uses Apache Shiro, Google Guice and
> Jersey to bootstrap an example rest api which you can find on github
> (https://github.com/mren/java-rest-boilerplate)
>
> Could you help me to get this application running with Shiro?
> This project could be shown on the website as an example on how to use
> Shiro with other IoC Containers thant Spring.
>
> What is the cleanest way to use Shiro with Guice?
>
--
Filipe Sousa
Re: use shiro with google guice
Posted by Mark Engel <ma...@gmail.com>.
Perhaps it is better when I am a bit more specific:
As the /secure url is a api. The session is only valid for the call.
This implies that authorization has to be done before the secure
method is executed.
How can I achieve this? Do I need to create a custom filter based on
the BasicHttpAuthenticationFilter that filters the '/secure' path?
Should I activate that filter in the guice config
(filter("/*").through(MyBasicHttpAuthenticationFilter.class); or
should I add this filter to the AbstractShiroFilter?
Or is there a better way?
I'm kind of lost here -.-
Mark
On Mon, Mar 14, 2011 at 7:17 PM, Mark Engel <ma...@gmail.com> wrote:
> Hello Les,
>
> like Filipe mentioned, Guice uses Aop, too.
> In order to use Guice with the
> AopAllianceAnnotationsAuthorizingMethodInterceptor I had to add Spring
> dependency to my project.
> , although it is not mentioned explicitly in the dependencies.
>
> But it works with Guice, at least.
>
> But now that I do not need the ini anymore I don't know a way how I
> can specify that I need want to have BasicHttpAuth on some Urls.
> How can I do that?
>
> I put up a example project on Github, which you can find here:
> https://github.com/mren/java-rest-boilerplate
>
> The url that needs basic http authentication is localhost:8080/secure.
> How is it possible to do that without using the ini?
>
> Best wishes Mark
>
>
>
>
>
> On Tue, Mar 8, 2011 at 11:10 PM, Les Hazlewood <lh...@apache.org> wrote:
>> Thanks Filipe - good to know.
>>
>> On Tue, Mar 8, 2011 at 1:08 PM, Filipe Sousa <na...@gmail.com> wrote:
>>> On Tue, Mar 8, 2011 at 8:19 PM, Les Hazlewood <lh...@apache.org> wrote:
>>>> Hi there,
>>>>
>>>> I'm not sure this is entirely correct - Shiro implements AOP Alliance
>>>> interceptors in it's Spring module. We also support AspectJ-style
>>>> AOP. Does the AOP Alliance stuff that we currently have need to be
>>>> split into its own AOP Alliance module?
>>>>
>>>> I wasn't aware of significant adoption of the AOP Alliance APIs
>>>> outside of the Spring community. It sounds like Guice may use it too
>>>> - is this correct?
>>>
>>> That is correct
>>> http://code.google.com/p/google-guice/wiki/AOP
>>>
>>> --
>>> Filipe Sousa
>>
>
Re: use shiro with google guice
Posted by Mark Engel <ma...@gmail.com>.
Hello Les,
like Filipe mentioned, Guice uses Aop, too.
In order to use Guice with the
AopAllianceAnnotationsAuthorizingMethodInterceptor I had to add Spring
dependency to my project.
, although it is not mentioned explicitly in the dependencies.
But it works with Guice, at least.
But now that I do not need the ini anymore I don't know a way how I
can specify that I need want to have BasicHttpAuth on some Urls.
How can I do that?
I put up a example project on Github, which you can find here:
https://github.com/mren/java-rest-boilerplate
The url that needs basic http authentication is localhost:8080/secure.
How is it possible to do that without using the ini?
Best wishes Mark
On Tue, Mar 8, 2011 at 11:10 PM, Les Hazlewood <lh...@apache.org> wrote:
> Thanks Filipe - good to know.
>
> On Tue, Mar 8, 2011 at 1:08 PM, Filipe Sousa <na...@gmail.com> wrote:
>> On Tue, Mar 8, 2011 at 8:19 PM, Les Hazlewood <lh...@apache.org> wrote:
>>> Hi there,
>>>
>>> I'm not sure this is entirely correct - Shiro implements AOP Alliance
>>> interceptors in it's Spring module. We also support AspectJ-style
>>> AOP. Does the AOP Alliance stuff that we currently have need to be
>>> split into its own AOP Alliance module?
>>>
>>> I wasn't aware of significant adoption of the AOP Alliance APIs
>>> outside of the Spring community. It sounds like Guice may use it too
>>> - is this correct?
>>
>> That is correct
>> http://code.google.com/p/google-guice/wiki/AOP
>>
>> --
>> Filipe Sousa
>
Re: use shiro with google guice
Posted by Les Hazlewood <lh...@apache.org>.
Thanks Filipe - good to know.
On Tue, Mar 8, 2011 at 1:08 PM, Filipe Sousa <na...@gmail.com> wrote:
> On Tue, Mar 8, 2011 at 8:19 PM, Les Hazlewood <lh...@apache.org> wrote:
>> Hi there,
>>
>> I'm not sure this is entirely correct - Shiro implements AOP Alliance
>> interceptors in it's Spring module. We also support AspectJ-style
>> AOP. Does the AOP Alliance stuff that we currently have need to be
>> split into its own AOP Alliance module?
>>
>> I wasn't aware of significant adoption of the AOP Alliance APIs
>> outside of the Spring community. It sounds like Guice may use it too
>> - is this correct?
>
> That is correct
> http://code.google.com/p/google-guice/wiki/AOP
>
> --
> Filipe Sousa
Re: use shiro with google guice
Posted by Filipe Sousa <na...@gmail.com>.
On Tue, Mar 8, 2011 at 8:19 PM, Les Hazlewood <lh...@apache.org> wrote:
> Hi there,
>
> I'm not sure this is entirely correct - Shiro implements AOP Alliance
> interceptors in it's Spring module. We also support AspectJ-style
> AOP. Does the AOP Alliance stuff that we currently have need to be
> split into its own AOP Alliance module?
>
> I wasn't aware of significant adoption of the AOP Alliance APIs
> outside of the Spring community. It sounds like Guice may use it too
> - is this correct?
That is correct
http://code.google.com/p/google-guice/wiki/AOP
--
Filipe Sousa
Re: use shiro with google guice
Posted by Les Hazlewood <lh...@apache.org>.
Hi there,
I'm not sure this is entirely correct - Shiro implements AOP Alliance
interceptors in it's Spring module. We also support AspectJ-style
AOP. Does the AOP Alliance stuff that we currently have need to be
split into its own AOP Alliance module?
I wasn't aware of significant adoption of the AOP Alliance APIs
outside of the Spring community. It sounds like Guice may use it too
- is this correct?
Les
On Tue, Mar 8, 2011 at 12:05 PM, whodevil <wh...@offthecob.info> wrote:
> Excerpts from Mark Engel's message of Wed Mar 02 21:58:54 -0800 2011:
>> Hello,
>>
>> i tried to use Apache Shiro with Google Guice in a Servlet, but the
>> Dependency Injection does not work.
>> When I try to access a function that is protected by shiro I get an
>> error about a wrong configuration
>>
>> org.apache.shiro.UnavailableSecurityManagerException: No
>> SecurityManager accessible to the calling code, either bound to the
>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
>> is an invalid application configuration.
>>
>> I created an example project which uses Apache Shiro, Google Guice and
>> Jersey to bootstrap an example rest api which you can find on github
>> (https://github.com/mren/java-rest-boilerplate)
>>
>> Could you help me to get this application running with Shiro?
>> This project could be shown on the website as an example on how to use
>> Shiro with other IoC Containers thant Spring.
>>
>> What is the cleanest way to use Shiro with Guice?
>
>
> Hello,
>
> I just recently had to go through this. Basically shiro uses non AOP alliance
> method injector/interceptors. In order get shiro to work with guice I had write
> a couple adapter classes.
>
> I hope this helps.
> --whodevil
Re: use shiro with google guice
Posted by whodevil <wh...@offthecob.info>.
Excerpts from Mark Engel's message of Wed Mar 02 21:58:54 -0800 2011:
> Hello,
>
> i tried to use Apache Shiro with Google Guice in a Servlet, but the
> Dependency Injection does not work.
> When I try to access a function that is protected by shiro I get an
> error about a wrong configuration
>
> org.apache.shiro.UnavailableSecurityManagerException: No
> SecurityManager accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
> is an invalid application configuration.
>
> I created an example project which uses Apache Shiro, Google Guice and
> Jersey to bootstrap an example rest api which you can find on github
> (https://github.com/mren/java-rest-boilerplate)
>
> Could you help me to get this application running with Shiro?
> This project could be shown on the website as an example on how to use
> Shiro with other IoC Containers thant Spring.
>
> What is the cleanest way to use Shiro with Guice?
Hello,
I just recently had to go through this. Basically shiro uses non AOP alliance
method injector/interceptors. In order get shiro to work with guice I had write
a couple adapter classes.
I hope this helps.
--whodevil
Re: use shiro with google guice
Posted by Tamás Cservenák <ta...@cservenak.net>.
I would just hint as advice: try to use javax.inject annos, and stay
"compatible" with DI containers implementing JSR330 like Spring and
Sonatype SISU is...
We were also "blinking" at Shiro Spring support, to implement some
similar support for it in Sisu (not Plexus "shim", as it's being
phased out).
Thanks,
~t~
On Thu, Mar 3, 2011 at 6:58 AM, Mark Engel <ma...@gmail.com> wrote:
> Hello,
>
> i tried to use Apache Shiro with Google Guice in a Servlet, but the
> Dependency Injection does not work.
> When I try to access a function that is protected by shiro I get an
> error about a wrong configuration
>
> org.apache.shiro.UnavailableSecurityManagerException: No
> SecurityManager accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
> is an invalid application configuration.
>
> I created an example project which uses Apache Shiro, Google Guice and
> Jersey to bootstrap an example rest api which you can find on github
> (https://github.com/mren/java-rest-boilerplate)
>
> Could you help me to get this application running with Shiro?
> This project could be shown on the website as an example on how to use
> Shiro with other IoC Containers thant Spring.
>
> What is the cleanest way to use Shiro with Guice?
>