You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by aidaverdi800 <ai...@gmail.com> on 2015/08/30 02:34:33 UTC
Re: Shiro filter with Jaxrs server
I'm back again, I really cannot figure out how to make work shiro in my
environment.
It seems that there isn't a way to add shiro filter in cxf with jetty
embedded and no web.xml. I was thinking of doing a new cxf interceptor
calling shiro classes but then I will lose the simplicity of shiro
configuration.
I tried also to add this code to convert cxf server to jetty server and add
the filter as suggested, but if I don't add the shiro filter everything
works and I can call my url. If I add the context handler the new servlet
doesn't point to the rest resources, so the result of accessing the urls
with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
understanding what is going on is tricky.
// old code
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
ObjectMapper m = new ObjectMapper();
m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
jackson.setMapper(m);
CrossOriginResourceSharingFilter cors = new
CrossOriginResourceSharingFilter();
sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new
Curricula(env)));
System.out.println("webservice published on "+address);
sf.setAddress(address);
ì
Server cxfServer = sf.create();
// new code
Destination dest = cxfServer.getDestination();
JettyHTTPDestination jettyDestination =
JettyHTTPDestination.class.cast(dest);
ServerEngine engine = jettyDestination.getEngine();
JettyHTTPServerEngine serverEngine =
JettyHTTPServerEngine.class.cast(engine);
org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
// Had to start the server to get the Jetty Server instance.
// Have to stop it to add the custom Jetty handler.
httpServer.stop();
httpServer.join();
CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
ServletContextHandler context=new
ServletContextHandler(ServletContextHandler.SECURITY);
context.addServlet(servletHolder, "/*"); context.setContextPath("/");
context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
context.addEventListener(new EnvironmentLoaderListener());
FilterHolder filterHolder = new FilterHolder();
filterHolder.setFilter(new ShiroFilter());
EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
context.addFilter(filterHolder, "/*", types);
httpServer.setHandler(context);
httpServer.start();
httpServer.join();
Could anyone that has ecountered similar problem give me a suggestion for
the best direction to analyse? I would like to use shiro better than cxf
security but it seems really complicated in my case. Is the cxf interceptor
the way to go?
Lisa
On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
wrote:
> Just on a side-note,
> /users/** = authcBasic
> leaves your user-password as plain-text and therefor totally vulnerable to
> eavesdropping.
> In production environments I suggest you change that line to
> /users/** = ssl[insert your port number here], authcBasic
> for instance my server
> /users/** = ssl[8443], authcBasic
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Shiro filter with Jaxrs server
Posted by Jared Bunting <ja...@peachjean.com>.
Alright, well I guess I have a better understanding of how cxf is
integrating with Jetty now. The servlet API doesn't appear to be involved
at all. There's a jetty handler that directly invokes the CXF code. That's
going to be a problem since the only built-in authentication filters that
shiro provides are based on the servlet API. I've been toying with the idea
of doing a native JAX-RS filter but I haven't done anything with it yet.
If this is definitely how the jetty cxf integration needs to work in your
project, then you're going to need to write your own filters.
Sorry I couldn't be of more help.
On Sun, Aug 30, 2015 at 1:20 PM, aidaverdi800 <ai...@gmail.com>
wrote:
> Oh sorry! There is no need to call the serverconfig.xml in this case, it
> manages other things. If you get the repo again it should be working.
>
> Lisa
>
> On Sun, Aug 30, 2015 at 7:44 PM, Jared Bunting <
> jared.bunting@peachjean.com> wrote:
>
>> Cool. I think it's missing a ServerConfig.xml.
>>
>> org.springframework.context.ApplicationContextException: Failed to load
>> configuration ServerConfig.xml
>> at
>> org.apache.cxf.bus.spring.BusApplicationContext.getConfigResources(BusApplicationContext.java:202)
>> at
>> org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:121)
>> at
>> org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:322)
>> at
>> org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
>> at
>> org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
>> at
>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
>> at
>> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:107)
>> at
>> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:105)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:105)
>> at
>> org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:157)
>> at
>> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:148)
>> at
>> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:124)
>> at
>> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:94)
>> at cxfshiro.Main.main(Main.java:37)
>>
>> On Sun, Aug 30, 2015 at 9:36 AM, aidaverdi800 <ai...@gmail.com>
>> wrote:
>>
>>> Thank you!
>>> I added a quick mini project with the issue here
>>> https://github.com/lisaziri/shiro-cxf-example
>>> Thanks again,
>>>
>>> Lisa
>>>
>>> On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <
>>> jared.bunting@peachjean.com> wrote:
>>>
>>>> If you have a bit more of a project demonstrating the issue I can take
>>>> a look. Our core product runs jetty embedded, with jersey and Shiro. I
>>>> can't imagine that cxf would be so different that it wouldn't work.
>>>> On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
>>>>
>>>>> I'm back again, I really cannot figure out how to make work shiro in
>>>>> my environment.
>>>>> It seems that there isn't a way to add shiro filter in cxf with jetty
>>>>> embedded and no web.xml. I was thinking of doing a new cxf interceptor
>>>>> calling shiro classes but then I will lose the simplicity of shiro
>>>>> configuration.
>>>>>
>>>>> I tried also to add this code to convert cxf server to jetty server
>>>>> and add the filter as suggested, but if I don't add the shiro filter
>>>>> everything works and I can call my url. If I add the context handler the
>>>>> new servlet doesn't point to the rest resources, so the result of accessing
>>>>> the urls with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
>>>>> understanding what is going on is tricky.
>>>>>
>>>>> // old code
>>>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>>>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>>>>> ObjectMapper m = new ObjectMapper();
>>>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>>>>
>>>>> jackson.setMapper(m);
>>>>> CrossOriginResourceSharingFilter cors = new
>>>>> CrossOriginResourceSharingFilter();
>>>>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
>>>>> sf.setResourceProvider(CvService.class, new
>>>>> SingletonResourceProvider(new Curricula(env)));
>>>>> System.out.println("webservice published on "+address);
>>>>> sf.setAddress(address);
>>>>>
>>>>> ì
>>>>> Server cxfServer = sf.create();
>>>>>
>>>>> // new code
>>>>> Destination dest = cxfServer.getDestination();
>>>>> JettyHTTPDestination jettyDestination =
>>>>> JettyHTTPDestination.class.cast(dest);
>>>>> ServerEngine engine = jettyDestination.getEngine();
>>>>> JettyHTTPServerEngine serverEngine =
>>>>> JettyHTTPServerEngine.class.cast(engine);
>>>>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>>>>>
>>>>>
>>>>> // Had to start the server to get the Jetty Server instance.
>>>>> // Have to stop it to add the custom Jetty handler.
>>>>> httpServer.stop();
>>>>> httpServer.join();
>>>>>
>>>>>
>>>>> CXFNonSpringJaxrsServlet jaxrsServlet = new
>>>>> CXFNonSpringJaxrsServlet();
>>>>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
>>>>> ServletContextHandler context=new
>>>>> ServletContextHandler(ServletContextHandler.SECURITY);
>>>>> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
>>>>>
>>>>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
>>>>> context.addEventListener(new EnvironmentLoaderListener());
>>>>> FilterHolder filterHolder = new FilterHolder();
>>>>> filterHolder.setFilter(new ShiroFilter());
>>>>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
>>>>> context.addFilter(filterHolder, "/*", types);
>>>>>
>>>>> httpServer.setHandler(context);
>>>>>
>>>>> httpServer.start();
>>>>> httpServer.join();
>>>>>
>>>>> Could anyone that has ecountered similar problem give me a suggestion
>>>>> for the best direction to analyse? I would like to use shiro better than
>>>>> cxf security but it seems really complicated in my case. Is the cxf
>>>>> interceptor the way to go?
>>>>>
>>>>> Lisa
>>>>>
>>>>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ronald.feicht@scsynergy.de
>>>>> > wrote:
>>>>>
>>>>>> Just on a side-note,
>>>>>> /users/** = authcBasic
>>>>>> leaves your user-password as plain-text and therefor totally
>>>>>> vulnerable to
>>>>>> eavesdropping.
>>>>>> In production environments I suggest you change that line to
>>>>>> /users/** = ssl[insert your port number here], authcBasic
>>>>>> for instance my server
>>>>>> /users/** = ssl[8443], authcBasic
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>>>>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>
>>
>
Re: Shiro filter with Jaxrs server
Posted by aidaverdi800 <ai...@gmail.com>.
Oh sorry! There is no need to call the serverconfig.xml in this case, it
manages other things. If you get the repo again it should be working.
Lisa
On Sun, Aug 30, 2015 at 7:44 PM, Jared Bunting <ja...@peachjean.com>
wrote:
> Cool. I think it's missing a ServerConfig.xml.
>
> org.springframework.context.ApplicationContextException: Failed to load
> configuration ServerConfig.xml
> at
> org.apache.cxf.bus.spring.BusApplicationContext.getConfigResources(BusApplicationContext.java:202)
> at
> org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:121)
> at
> org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:322)
> at
> org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
> at
> org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
> at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:107)
> at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:105)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:105)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:157)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:148)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:124)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:94)
> at cxfshiro.Main.main(Main.java:37)
>
> On Sun, Aug 30, 2015 at 9:36 AM, aidaverdi800 <ai...@gmail.com>
> wrote:
>
>> Thank you!
>> I added a quick mini project with the issue here
>> https://github.com/lisaziri/shiro-cxf-example
>> Thanks again,
>>
>> Lisa
>>
>> On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <
>> jared.bunting@peachjean.com> wrote:
>>
>>> If you have a bit more of a project demonstrating the issue I can take a
>>> look. Our core product runs jetty embedded, with jersey and Shiro. I can't
>>> imagine that cxf would be so different that it wouldn't work.
>>> On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
>>>
>>>> I'm back again, I really cannot figure out how to make work shiro in my
>>>> environment.
>>>> It seems that there isn't a way to add shiro filter in cxf with jetty
>>>> embedded and no web.xml. I was thinking of doing a new cxf interceptor
>>>> calling shiro classes but then I will lose the simplicity of shiro
>>>> configuration.
>>>>
>>>> I tried also to add this code to convert cxf server to jetty server and
>>>> add the filter as suggested, but if I don't add the shiro filter everything
>>>> works and I can call my url. If I add the context handler the new servlet
>>>> doesn't point to the rest resources, so the result of accessing the urls
>>>> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
>>>> understanding what is going on is tricky.
>>>>
>>>> // old code
>>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>>>> ObjectMapper m = new ObjectMapper();
>>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>>>
>>>> jackson.setMapper(m);
>>>> CrossOriginResourceSharingFilter cors = new
>>>> CrossOriginResourceSharingFilter();
>>>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
>>>> sf.setResourceProvider(CvService.class, new
>>>> SingletonResourceProvider(new Curricula(env)));
>>>> System.out.println("webservice published on "+address);
>>>> sf.setAddress(address);
>>>>
>>>> ì
>>>> Server cxfServer = sf.create();
>>>>
>>>> // new code
>>>> Destination dest = cxfServer.getDestination();
>>>> JettyHTTPDestination jettyDestination =
>>>> JettyHTTPDestination.class.cast(dest);
>>>> ServerEngine engine = jettyDestination.getEngine();
>>>> JettyHTTPServerEngine serverEngine =
>>>> JettyHTTPServerEngine.class.cast(engine);
>>>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>>>>
>>>>
>>>> // Had to start the server to get the Jetty Server instance.
>>>> // Have to stop it to add the custom Jetty handler.
>>>> httpServer.stop();
>>>> httpServer.join();
>>>>
>>>>
>>>> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
>>>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
>>>> ServletContextHandler context=new
>>>> ServletContextHandler(ServletContextHandler.SECURITY);
>>>> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
>>>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
>>>> context.addEventListener(new EnvironmentLoaderListener());
>>>> FilterHolder filterHolder = new FilterHolder();
>>>> filterHolder.setFilter(new ShiroFilter());
>>>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
>>>> context.addFilter(filterHolder, "/*", types);
>>>>
>>>> httpServer.setHandler(context);
>>>>
>>>> httpServer.start();
>>>> httpServer.join();
>>>>
>>>> Could anyone that has ecountered similar problem give me a suggestion
>>>> for the best direction to analyse? I would like to use shiro better than
>>>> cxf security but it seems really complicated in my case. Is the cxf
>>>> interceptor the way to go?
>>>>
>>>> Lisa
>>>>
>>>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
>>>> wrote:
>>>>
>>>>> Just on a side-note,
>>>>> /users/** = authcBasic
>>>>> leaves your user-password as plain-text and therefor totally
>>>>> vulnerable to
>>>>> eavesdropping.
>>>>> In production environments I suggest you change that line to
>>>>> /users/** = ssl[insert your port number here], authcBasic
>>>>> for instance my server
>>>>> /users/** = ssl[8443], authcBasic
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>>>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>
>
Re: Shiro filter with Jaxrs server
Posted by Anna Elisabetta Ziri <an...@nemoris.it>.
Oh sorry! There is no need to call the serverconfig.xml in this case, it
manages other things. If you get the repo again it should be working.
Lisa
On Sun, Aug 30, 2015 at 7:44 PM, Jared Bunting <ja...@peachjean.com>
wrote:
> Cool. I think it's missing a ServerConfig.xml.
>
> org.springframework.context.ApplicationContextException: Failed to load
> configuration ServerConfig.xml
> at
> org.apache.cxf.bus.spring.BusApplicationContext.getConfigResources(BusApplicationContext.java:202)
> at
> org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:121)
> at
> org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:322)
> at
> org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
> at
> org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
> at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:107)
> at
> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:105)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:105)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:157)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:148)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:124)
> at
> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:94)
> at cxfshiro.Main.main(Main.java:37)
>
> On Sun, Aug 30, 2015 at 9:36 AM, aidaverdi800 <ai...@gmail.com>
> wrote:
>
>> Thank you!
>> I added a quick mini project with the issue here
>> https://github.com/lisaziri/shiro-cxf-example
>> Thanks again,
>>
>> Lisa
>>
>> On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <
>> jared.bunting@peachjean.com> wrote:
>>
>>> If you have a bit more of a project demonstrating the issue I can take a
>>> look. Our core product runs jetty embedded, with jersey and Shiro. I can't
>>> imagine that cxf would be so different that it wouldn't work.
>>> On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
>>>
>>>> I'm back again, I really cannot figure out how to make work shiro in my
>>>> environment.
>>>> It seems that there isn't a way to add shiro filter in cxf with jetty
>>>> embedded and no web.xml. I was thinking of doing a new cxf interceptor
>>>> calling shiro classes but then I will lose the simplicity of shiro
>>>> configuration.
>>>>
>>>> I tried also to add this code to convert cxf server to jetty server and
>>>> add the filter as suggested, but if I don't add the shiro filter everything
>>>> works and I can call my url. If I add the context handler the new servlet
>>>> doesn't point to the rest resources, so the result of accessing the urls
>>>> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
>>>> understanding what is going on is tricky.
>>>>
>>>> // old code
>>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>>>> ObjectMapper m = new ObjectMapper();
>>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>>>
>>>> jackson.setMapper(m);
>>>> CrossOriginResourceSharingFilter cors = new
>>>> CrossOriginResourceSharingFilter();
>>>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
>>>> sf.setResourceProvider(CvService.class, new
>>>> SingletonResourceProvider(new Curricula(env)));
>>>> System.out.println("webservice published on "+address);
>>>> sf.setAddress(address);
>>>>
>>>> ì
>>>> Server cxfServer = sf.create();
>>>>
>>>> // new code
>>>> Destination dest = cxfServer.getDestination();
>>>> JettyHTTPDestination jettyDestination =
>>>> JettyHTTPDestination.class.cast(dest);
>>>> ServerEngine engine = jettyDestination.getEngine();
>>>> JettyHTTPServerEngine serverEngine =
>>>> JettyHTTPServerEngine.class.cast(engine);
>>>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>>>>
>>>>
>>>> // Had to start the server to get the Jetty Server instance.
>>>> // Have to stop it to add the custom Jetty handler.
>>>> httpServer.stop();
>>>> httpServer.join();
>>>>
>>>>
>>>> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
>>>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
>>>> ServletContextHandler context=new
>>>> ServletContextHandler(ServletContextHandler.SECURITY);
>>>> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
>>>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
>>>> context.addEventListener(new EnvironmentLoaderListener());
>>>> FilterHolder filterHolder = new FilterHolder();
>>>> filterHolder.setFilter(new ShiroFilter());
>>>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
>>>> context.addFilter(filterHolder, "/*", types);
>>>>
>>>> httpServer.setHandler(context);
>>>>
>>>> httpServer.start();
>>>> httpServer.join();
>>>>
>>>> Could anyone that has ecountered similar problem give me a suggestion
>>>> for the best direction to analyse? I would like to use shiro better than
>>>> cxf security but it seems really complicated in my case. Is the cxf
>>>> interceptor the way to go?
>>>>
>>>> Lisa
>>>>
>>>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
>>>> wrote:
>>>>
>>>>> Just on a side-note,
>>>>> /users/** = authcBasic
>>>>> leaves your user-password as plain-text and therefor totally
>>>>> vulnerable to
>>>>> eavesdropping.
>>>>> In production environments I suggest you change that line to
>>>>> /users/** = ssl[insert your port number here], authcBasic
>>>>> for instance my server
>>>>> /users/** = ssl[8443], authcBasic
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>>>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>
>
--
Anna Elisabetta Ziri
CTO of Nemoris S.r.l.
annaelisabetta.ziri@nemoris.it
Skype lisa.ziri
Cell. +393403095591
Tel. +390510827131
www.nemoris.it
Follow us on:
https://www.facebook.com/nemoriscompany
https://www.linkedin.com/company/nemoris
https://twitter.com/staffnemoris
Re: Shiro filter with Jaxrs server
Posted by Jared Bunting <ja...@peachjean.com>.
Cool. I think it's missing a ServerConfig.xml.
org.springframework.context.ApplicationContextException: Failed to load
configuration ServerConfig.xml
at
org.apache.cxf.bus.spring.BusApplicationContext.getConfigResources(BusApplicationContext.java:202)
at
org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:121)
at
org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:322)
at
org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
at
org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
at
org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:107)
at
org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:105)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:105)
at
org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:157)
at
org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:148)
at
org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:124)
at
org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:94)
at cxfshiro.Main.main(Main.java:37)
On Sun, Aug 30, 2015 at 9:36 AM, aidaverdi800 <ai...@gmail.com>
wrote:
> Thank you!
> I added a quick mini project with the issue here
> https://github.com/lisaziri/shiro-cxf-example
> Thanks again,
>
> Lisa
>
> On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <
> jared.bunting@peachjean.com> wrote:
>
>> If you have a bit more of a project demonstrating the issue I can take a
>> look. Our core product runs jetty embedded, with jersey and Shiro. I can't
>> imagine that cxf would be so different that it wouldn't work.
>> On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
>>
>>> I'm back again, I really cannot figure out how to make work shiro in my
>>> environment.
>>> It seems that there isn't a way to add shiro filter in cxf with jetty
>>> embedded and no web.xml. I was thinking of doing a new cxf interceptor
>>> calling shiro classes but then I will lose the simplicity of shiro
>>> configuration.
>>>
>>> I tried also to add this code to convert cxf server to jetty server and
>>> add the filter as suggested, but if I don't add the shiro filter everything
>>> works and I can call my url. If I add the context handler the new servlet
>>> doesn't point to the rest resources, so the result of accessing the urls
>>> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
>>> understanding what is going on is tricky.
>>>
>>> // old code
>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>>> ObjectMapper m = new ObjectMapper();
>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>>
>>> jackson.setMapper(m);
>>> CrossOriginResourceSharingFilter cors = new
>>> CrossOriginResourceSharingFilter();
>>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
>>> sf.setResourceProvider(CvService.class, new
>>> SingletonResourceProvider(new Curricula(env)));
>>> System.out.println("webservice published on "+address);
>>> sf.setAddress(address);
>>>
>>> ì
>>> Server cxfServer = sf.create();
>>>
>>> // new code
>>> Destination dest = cxfServer.getDestination();
>>> JettyHTTPDestination jettyDestination =
>>> JettyHTTPDestination.class.cast(dest);
>>> ServerEngine engine = jettyDestination.getEngine();
>>> JettyHTTPServerEngine serverEngine =
>>> JettyHTTPServerEngine.class.cast(engine);
>>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>>>
>>>
>>> // Had to start the server to get the Jetty Server instance.
>>> // Have to stop it to add the custom Jetty handler.
>>> httpServer.stop();
>>> httpServer.join();
>>>
>>>
>>> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
>>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
>>> ServletContextHandler context=new
>>> ServletContextHandler(ServletContextHandler.SECURITY);
>>> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
>>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
>>> context.addEventListener(new EnvironmentLoaderListener());
>>> FilterHolder filterHolder = new FilterHolder();
>>> filterHolder.setFilter(new ShiroFilter());
>>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
>>> context.addFilter(filterHolder, "/*", types);
>>>
>>> httpServer.setHandler(context);
>>>
>>> httpServer.start();
>>> httpServer.join();
>>>
>>> Could anyone that has ecountered similar problem give me a suggestion
>>> for the best direction to analyse? I would like to use shiro better than
>>> cxf security but it seems really complicated in my case. Is the cxf
>>> interceptor the way to go?
>>>
>>> Lisa
>>>
>>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
>>> wrote:
>>>
>>>> Just on a side-note,
>>>> /users/** = authcBasic
>>>> leaves your user-password as plain-text and therefor totally vulnerable
>>>> to
>>>> eavesdropping.
>>>> In production environments I suggest you change that line to
>>>> /users/** = ssl[insert your port number here], authcBasic
>>>> for instance my server
>>>> /users/** = ssl[8443], authcBasic
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>
Re: Shiro filter with Jaxrs server
Posted by aidaverdi800 <ai...@gmail.com>.
Thank you!
I added a quick mini project with the issue here
https://github.com/lisaziri/shiro-cxf-example
Thanks again,
Lisa
On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <ja...@peachjean.com>
wrote:
> If you have a bit more of a project demonstrating the issue I can take a
> look. Our core product runs jetty embedded, with jersey and Shiro. I can't
> imagine that cxf would be so different that it wouldn't work.
> On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
>
>> I'm back again, I really cannot figure out how to make work shiro in my
>> environment.
>> It seems that there isn't a way to add shiro filter in cxf with jetty
>> embedded and no web.xml. I was thinking of doing a new cxf interceptor
>> calling shiro classes but then I will lose the simplicity of shiro
>> configuration.
>>
>> I tried also to add this code to convert cxf server to jetty server and
>> add the filter as suggested, but if I don't add the shiro filter everything
>> works and I can call my url. If I add the context handler the new servlet
>> doesn't point to the rest resources, so the result of accessing the urls
>> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
>> understanding what is going on is tricky.
>>
>> // old code
>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>> ObjectMapper m = new ObjectMapper();
>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>
>> jackson.setMapper(m);
>> CrossOriginResourceSharingFilter cors = new
>> CrossOriginResourceSharingFilter();
>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
>> sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new
>> Curricula(env)));
>> System.out.println("webservice published on "+address);
>> sf.setAddress(address);
>>
>> ì
>> Server cxfServer = sf.create();
>>
>> // new code
>> Destination dest = cxfServer.getDestination();
>> JettyHTTPDestination jettyDestination =
>> JettyHTTPDestination.class.cast(dest);
>> ServerEngine engine = jettyDestination.getEngine();
>> JettyHTTPServerEngine serverEngine =
>> JettyHTTPServerEngine.class.cast(engine);
>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>>
>>
>> // Had to start the server to get the Jetty Server instance.
>> // Have to stop it to add the custom Jetty handler.
>> httpServer.stop();
>> httpServer.join();
>>
>>
>> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
>> ServletContextHandler context=new
>> ServletContextHandler(ServletContextHandler.SECURITY);
>> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
>> context.addEventListener(new EnvironmentLoaderListener());
>> FilterHolder filterHolder = new FilterHolder();
>> filterHolder.setFilter(new ShiroFilter());
>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
>> context.addFilter(filterHolder, "/*", types);
>>
>> httpServer.setHandler(context);
>>
>> httpServer.start();
>> httpServer.join();
>>
>> Could anyone that has ecountered similar problem give me a suggestion for
>> the best direction to analyse? I would like to use shiro better than cxf
>> security but it seems really complicated in my case. Is the cxf interceptor
>> the way to go?
>>
>> Lisa
>>
>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
>> wrote:
>>
>>> Just on a side-note,
>>> /users/** = authcBasic
>>> leaves your user-password as plain-text and therefor totally vulnerable
>>> to
>>> eavesdropping.
>>> In production environments I suggest you change that line to
>>> /users/** = ssl[insert your port number here], authcBasic
>>> for instance my server
>>> /users/** = ssl[8443], authcBasic
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>
>>
>>
Re: Shiro filter with Jaxrs server
Posted by Jared Bunting <ja...@peachjean.com>.
If you have a bit more of a project demonstrating the issue I can take a
look. Our core product runs jetty embedded, with jersey and Shiro. I can't
imagine that cxf would be so different that it wouldn't work.
On Aug 29, 2015 7:34 PM, "aidaverdi800" <ai...@gmail.com> wrote:
> I'm back again, I really cannot figure out how to make work shiro in my
> environment.
> It seems that there isn't a way to add shiro filter in cxf with jetty
> embedded and no web.xml. I was thinking of doing a new cxf interceptor
> calling shiro classes but then I will lose the simplicity of shiro
> configuration.
>
> I tried also to add this code to convert cxf server to jetty server and
> add the filter as suggested, but if I don't add the shiro filter everything
> works and I can call my url. If I add the context handler the new servlet
> doesn't point to the rest resources, so the result of accessing the urls
> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
> understanding what is going on is tricky.
>
> // old code
> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
> ObjectMapper m = new ObjectMapper();
> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>
> jackson.setMapper(m);
> CrossOriginResourceSharingFilter cors = new
> CrossOriginResourceSharingFilter();
> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
> sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new
> Curricula(env)));
> System.out.println("webservice published on "+address);
> sf.setAddress(address);
>
> ì
> Server cxfServer = sf.create();
>
> // new code
> Destination dest = cxfServer.getDestination();
> JettyHTTPDestination jettyDestination =
> JettyHTTPDestination.class.cast(dest);
> ServerEngine engine = jettyDestination.getEngine();
> JettyHTTPServerEngine serverEngine =
> JettyHTTPServerEngine.class.cast(engine);
> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>
>
> // Had to start the server to get the Jetty Server instance.
> // Have to stop it to add the custom Jetty handler.
> httpServer.stop();
> httpServer.join();
>
>
> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
> ServletContextHandler context=new
> ServletContextHandler(ServletContextHandler.SECURITY);
> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
> context.addEventListener(new EnvironmentLoaderListener());
> FilterHolder filterHolder = new FilterHolder();
> filterHolder.setFilter(new ShiroFilter());
> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
> context.addFilter(filterHolder, "/*", types);
>
> httpServer.setHandler(context);
>
> httpServer.start();
> httpServer.join();
>
> Could anyone that has ecountered similar problem give me a suggestion for
> the best direction to analyse? I would like to use shiro better than cxf
> security but it seems really complicated in my case. Is the cxf interceptor
> the way to go?
>
> Lisa
>
> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <ro...@scsynergy.de>
> wrote:
>
>> Just on a side-note,
>> /users/** = authcBasic
>> leaves your user-password as plain-text and therefor totally vulnerable to
>> eavesdropping.
>> In production environments I suggest you change that line to
>> /users/** = ssl[insert your port number here], authcBasic
>> for instance my server
>> /users/** = ssl[8443], authcBasic
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>