Apache Shiro in an OSGi Environment

[andyatmiami <st...@gmail.com>]

Greetings to all and thanks in advance.

First off, I am a first-time poster - but I have searched extensively
through the mailing list trying to resolve my question.  Now, it may be
because I am new to the Shiro world, but I need further help.

We are running an EBA bundle in the Websphere Liberty container using Apache
Shiro 1.1.0.  I am new to the project and have to deal with stuff "as-is" -
so its not trivial to update to a newer version of Shiro.

We currently have 2 web bundles - which I will refer to as "login bundle"
and "rest bundle".

Each bundle has a distinct WebApp-ContextPath and a distinct shiro.ini file.

login shiro.ini:


rest shiro.ini:


I guess my overall question is: Is this the right way to set this
application up?

As to a specific issue I am noticing, it seems that a session gets created
when the user logs in - but then through their interaction with our REST
calls - the LastAccessTime never gets updated.  So, you can be consistently
"using" the application, and you will time out 30 minutes after you log in.

Again, I am new to the OSGi and Shiro - so I apologize if this question is
naive.  I can understand why in bundles we would need to define multiple
shiro.ini files (in fact, I tried removing the rest shiro.ini file - and
once I logged in all subsequent calls failed) but it seems something strange
is going on with the session management.

Any explanation or advice you could give me in how to properly implement
this in my application would be greatly appreciated.




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Apache Shiro in an OSGi Environment

[taozi <ke...@qq.com>]

Chris Geer wrote
> We use Shiro in an OSGI environment just fine, but we did have to upgrade
> to version 1.2.1 since there were some OSGI related fixes in that release.
> The important thing to remember with OSGI is each bundle is in it's own
> class loader so if you are just referencing Shiro from multiple bundles
> you
> will get unique instances. What we do is we have a single bundle that
> initialized shiro and then exports the SecurityManager as an OSGI service
> which our other bundles import and use. That way everything is using the
> same SecurityManager instance.

I had a question, I init SecurityManager in one bundle(like xxx.service
bundle), using Spring standalone applications configuration(from
http://shiro.apache.org/spring.html), then I export SecurityManager as a
OSGI service.But I wonder how other bundles use it.For example, I want to
use SecurityManager in my ui web bundle, how do I init Shiro with that
SecurityManager imported from xxx.service bundle?
I had two questions, and wants some instructions from you.
1. bundle which want to use SecurityManager implements BundleActivator and
init with code in start method like
                      SecurityUtils.setSecurityManager(securityManager);
in this way, is the securityManager accessible only in this bundle? And
every bundle must add the code like this?
2. If a web bundle wants to use it, and init with spring like the "web
applications" chapter in this page "http://shiro.apache.org/spring.html".
What would I do?
I appreciate your help.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939p7579950.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Apache Shiro in an OSGi Environment

[Chris Geer <ch...@cxtsoftware.com>]

We use Shiro in an OSGI environment just fine, but we did have to upgrade
to version 1.2.1 since there were some OSGI related fixes in that release.
The important thing to remember with OSGI is each bundle is in it's own
class loader so if you are just referencing Shiro from multiple bundles you
will get unique instances. What we do is we have a single bundle that
initialized shiro and then exports the SecurityManager as an OSGI service
which our other bundles import and use. That way everything is using the
same SecurityManager instance.

Chris


On Tue, Jul 23, 2013 at 10:15 AM, andyatmiami <st...@gmail.com> wrote:

> Greetings to all and thanks in advance.
>
> First off, I am a first-time poster - but I have searched extensively
> through the mailing list trying to resolve my question.  Now, it may be
> because I am new to the Shiro world, but I need further help.
>
> We are running an EBA bundle in the Websphere Liberty container using
> Apache
> Shiro 1.1.0.  I am new to the project and have to deal with stuff "as-is" -
> so its not trivial to update to a newer version of Shiro.
>
> We currently have 2 web bundles - which I will refer to as "login bundle"
> and "rest bundle".
>
> Each bundle has a distinct WebApp-ContextPath and a distinct shiro.ini
> file.
>
> login shiro.ini:
>
>
> rest shiro.ini:
>
>
> I guess my overall question is: Is this the right way to set this
> application up?
>
> As to a specific issue I am noticing, it seems that a session gets created
> when the user logs in - but then through their interaction with our REST
> calls - the LastAccessTime never gets updated.  So, you can be consistently
> "using" the application, and you will time out 30 minutes after you log in.
>
> Again, I am new to the OSGi and Shiro - so I apologize if this question is
> naive.  I can understand why in bundles we would need to define multiple
> shiro.ini files (in fact, I tried removing the rest shiro.ini file - and
> once I logged in all subsequent calls failed) but it seems something
> strange
> is going on with the session management.
>
> Any explanation or advice you could give me in how to properly implement
> this in my application would be greatly appreciated.
>
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Apache Shiro in an OSGi Environment

[andyatmiami <st...@gmail.com>]

I found another mailing list post that describes conceptually what it would
take to also add the [urls] portion to the blueprint file.  Linking it here
for anyone who stumbles across this thread.

http://mail-archives.apache.org/mod_mbox/shiro-user/201201.mbox/%3CCAETPiXYQLUrjjG2K4qDuesSeq7+LBR1W1u4DUyU5WsmqNGSivA@mail.gmail.com%3E



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939p7578945.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Apache Shiro in an OSGi Environment

[Chris Geer <ch...@cxtsoftware.com>]

I don't think you can mix ini config with programatic config but someone
else my be able to comment on that. We don't use any configuration beyond
this, so this works for us. If you use additional features then you'd have
to add them to the blueprint or configure them some other way. You should
be able to use an INI file and not configure all the pieces like this if
you want, the important thing is you publish the SecurityManager as a
service and import it where you want to use it elsewhere.

Chris


On Wed, Jul 24, 2013 at 5:47 AM, andyatmiami <st...@gmail.com> wrote:

> Thanks again for providing the blueprint configuration.  That is extremely
> helpful.  It has led to another question in my mind though...
>
> The blueprint config you have posted basically addresses the [main] section
> in shiro.ini.
>
> How do you handle the [urls] section?  Is that still in the ini file?
>
> Andy
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939p7578943.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Apache Shiro in an OSGi Environment

[andyatmiami <st...@gmail.com>]

Thanks again for providing the blueprint configuration.  That is extremely
helpful.  It has led to another question in my mind though...

The blueprint config you have posted basically addresses the [main] section
in shiro.ini.

How do you handle the [urls] section?  Is that still in the ini file?

Andy



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Apache-Shiro-in-an-OSGi-Environment-tp7578939p7578943.html
Sent from the Shiro User mailing list archive at Nabble.com.