You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by blacar <bc...@gmail.com> on 2013/12/18 09:38:03 UTC
CXF Restful Web Service with Apache Shiro
I'd like to secure a Spring + CXF Restful Web Service with Apache Shiro.
Is there a CXF interceptor or filter that can be used?
I have something like this in my ApplicationContext
<bean id="serviceImpl"
class="com.sicpa.pbpd.spike.spring.restAndShiro.ServiceImpl" />
<jaxrs:server id="greenstarJaxrsService"
address="http://localhost:6066/services">
<jaxrs:serviceBeans>
<ref bean="serviceImpl" />
</jaxrs:serviceBeans>
</jaxrs:server>
So: no WAR, no Application server (but embedded jetty), no Spring MVC, no
web.xml
What would be the best way to proceed?
Thanks in advance,
Rafael
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737954.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF Restful Web Service with Apache Shiro
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 18/12/13 16:12, blacar wrote:
> Hi Sergey,
>
> I've been looking at Adam Bien article
> http://www.oracle.com/technetwork/articles/java/jaxrs20-1929352.html where
> those filters are explained e.g.:
>
> @Provider
> @PreMatching
> public class PreMatchingFilter implements ContainerRequestFilter {
>
> public void filter(ContainerRequestContext requestContext) throws
> IOException {
> ....
> ....
> }
> }
>
> I see i could have access to requestContext that would provide access also
> to SecurityContext, headers, Request, and other information.
>
> Would this be enough? ... or still "injected with HttpServletRequest (into a
> @Context-annotated field)" would be useful?
>
> I've been able to declare it easily as a provider in the jaxrs:server and it
> looks like it is working.
>
> I see i can access SecurityContext but getUserPrincipal() returns null at
> this moment, of course.
>
I haven't had the experience of working with Shiro, so please give it a
try and let us know how it can be made to work :-), we can then document it
Thanks, Sergey
> Thanks,
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737956p5737979.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: CXF Restful Web Service with Apache Shiro
Posted by blacar <bc...@gmail.com>.
Hi Sergey,
I've been looking at Adam Bien article
http://www.oracle.com/technetwork/articles/java/jaxrs20-1929352.html where
those filters are explained e.g.:
@Provider
@PreMatching
public class PreMatchingFilter implements ContainerRequestFilter {
public void filter(ContainerRequestContext requestContext) throws
IOException {
....
....
}
}
I see i could have access to requestContext that would provide access also
to SecurityContext, headers, Request, and other information.
Would this be enough? ... or still "injected with HttpServletRequest (into a
@Context-annotated field)" would be useful?
I've been able to declare it easily as a provider in the jaxrs:server and it
looks like it is working.
I see i can access SecurityContext but getUserPrincipal() returns null at
this moment, of course.
Thanks,
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737956p5737979.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF Restful Web Service with Apache Shiro
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 18/12/13 14:07, blacar wrote:
> Hi Sergey
>
> Thanks for your answer.
>
> Im am interested in use shiro to enable authentification/authorization in my
> app minimizing dependencies.
>
> I am not familiarized with @PreMatching nor ContainerRequestFilters.
>
This is a JAX-RS 2.0 filter, can be run before the JAXRS runtime selects
a target method
> What's the difference with a CXF incoming interceptor?
>
The JAX-RS 2.0 in filters are run by the CXF in interceptor which
implements the JAX-RS input processing, custom CXF interceptors can be
run independently
Cheers, Sergey
> Cheers,
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737956p5737972.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: CXF Restful Web Service with Apache Shiro
Posted by blacar <bc...@gmail.com>.
Hi Sergey
Thanks for your answer.
Im am interested in use shiro to enable authentification/authorization in my
app minimizing dependencies.
I am not familiarized with @PreMatching nor ContainerRequestFilters.
What's the difference with a CXF incoming interceptor?
Cheers,
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737956p5737972.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF Restful Web Service with Apache Shiro
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 18/12/13 08:38, blacar wrote:
> I'd like to secure a Spring + CXF Restful Web Service with Apache Shiro.
> Is there a CXF interceptor or filter that can be used?
>
> I have something like this in my ApplicationContext
>
> <bean id="serviceImpl"
> class="com.sicpa.pbpd.spike.spring.restAndShiro.ServiceImpl" />
>
> <jaxrs:server id="greenstarJaxrsService"
> address="http://localhost:6066/services">
> <jaxrs:serviceBeans>
> <ref bean="serviceImpl" />
> </jaxrs:serviceBeans>
> </jaxrs:server>
>
> So: no WAR, no Application server (but embedded jetty), no Spring MVC, no
> web.xml
>
> What would be the best way to proceed?
>
I guess one way to do it is to have a JAX-RS 2.0 PreMatching
ContainerRequestFilter injected with HttpServletRequest (into a
@Context-annotated field), with this filter interacting directly with
Shiro API ?
I guess much depends on what exactly you need to do...
Cheers, Sergey
> Thanks in advance,
>
> Rafael
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-Restful-Web-Service-with-Apache-Shiro-tp5737954.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>