You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by ayv <an...@oracle.com> on 2018/05/06 19:11:39 UTC
Associating Subject to HttpSession
Hi,I need to create a custom Subject instance & make it available through out
the user session. I am initializing shiro programmatically. Below is my
code:Factory factory = new
IniSecurityManagerFactory("file:shiro.ini");SecurityManager securityManager
=
factory.getInstance();SecurityUtils.setSecurityManager(securityManager);Authentication
is taken care by another application. I only need to take care of
authorization. So I can't do a login manually. All I have access to is
usename & HttpSession. How I can associate the Subject with a
HttpSession?Thanks,Anil.
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Associating Subject to HttpSession
Posted by ayv <an...@oracle.com>.
I tried adding annotations. But I couldn't get it working. The problem is
with the order in which filters are executed. With annotations, there seems
to be no way to define the order of execution. Below is my code.
@WebFilter(urlPatterns = "/*", initParams = { @WebInitParam(name =
"configPath", value = "classpath:shiro.ini") },
dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD,
DispatcherType.INCLUDE, DispatcherType.ERROR})
public class MyFilter extends ShiroFilter
Unless we define the filter in web.xml (which is the last option for me), I
dont think this will work. Is there any other way we can associate the
subject to session?
Thanks again for your valuable suggestion.
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Associating Subject to HttpSession
Posted by Brian Demers <br...@gmail.com>.
What stack are you on? We might be able to give you better directions?
But in general, it is standard Java Servlet / Web App configuration
Dropwizard, for example, doesn't load servlet fragments, to
programmatically it looks something like this:
environment.servlets().addServletListeners(new
EnvironmentLoaderListener());
environment.servlets().addFilter("ShiroFilter", ShiroFilter.class)
.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, "/*");
Which is the equivalent of the web.xml listed here:
https://shiro.apache.org/web.html#web-xml
On Mon, May 7, 2018 at 11:15 AM, ayv <an...@oracle.com> wrote:
> Hi Brian,
>
> Thanks for the reply.
>
> I couldn't find how to configure ShiroFilter using annotations or manually
> in the doc link. I tried searching but most of the results are related to
> spring. My application does not use spring. If you can provide me any
> references/code snippets, it will be really helpful. I am a complete novice
> in shiro.
>
> Thanks much,
> Anil.
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
Re: Associating Subject to HttpSession
Posted by ayv <an...@oracle.com>.
Hi Brian,
Thanks for the reply.
I couldn't find how to configure ShiroFilter using annotations or manually
in the doc link. I tried searching but most of the results are related to
spring. My application does not use spring. If you can provide me any
references/code snippets, it will be really helpful. I am a complete novice
in shiro.
Thanks much,
Anil.
--
Sent from: http://shiro-user.582556.n2.nabble.com/
Re: Associating Subject to HttpSession
Posted by Brian Demers <br...@gmail.com>.
Sorry, I didn't paste the doc link:
https://shiro.apache.org/web.html
On Mon, May 7, 2018 at 10:13 AM, Brian Demers <br...@gmail.com>
wrote:
> If you configure the Shiro Filter, the subject will automatically be
> associated with the session. (you can configure it with annotations, or
> manually if needed)
>
>
> On Sun, May 6, 2018 at 3:11 PM, ayv <an...@oracle.com> wrote:
>
>> Hi,I need to create a custom Subject instance & make it available through
>> out
>> the user session. I am initializing shiro programmatically. Below is my
>> code:Factory factory = new
>> IniSecurityManagerFactory("file:shiro.ini");SecurityManager
>> securityManager
>> =
>> factory.getInstance();SecurityUtils.setSecurityManager(secur
>> ityManager);Authentication
>> is taken care by another application. I only need to take care of
>> authorization. So I can't do a login manually. All I have access to is
>> usename & HttpSession. How I can associate the Subject with a
>> HttpSession?Thanks,Anil.
>>
>>
>>
>> --
>> Sent from: http://shiro-user.582556.n2.nabble.com/
>>
>
>
Re: Associating Subject to HttpSession
Posted by Brian Demers <br...@gmail.com>.
If you configure the Shiro Filter, the subject will automatically be
associated with the session. (you can configure it with annotations, or
manually if needed)
On Sun, May 6, 2018 at 3:11 PM, ayv <an...@oracle.com> wrote:
> Hi,I need to create a custom Subject instance & make it available through
> out
> the user session. I am initializing shiro programmatically. Below is my
> code:Factory factory = new
> IniSecurityManagerFactory("file:shiro.ini");SecurityManager
> securityManager
> =
> factory.getInstance();SecurityUtils.setSecurityManager(securityManager);
> Authentication
> is taken care by another application. I only need to take care of
> authorization. So I can't do a login manually. All I have access to is
> usename & HttpSession. How I can associate the Subject with a
> HttpSession?Thanks,Anil.
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>