Posted to dev@shiro.apache.org by "Alan D. Cabrera" <li...@toolazydogs.com> on 2010/10/07 15:51:43 UTC

Struts2 integration

I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?


Regards,
Alan


Re: Struts2 integration

Posted by "Alan D. Cabrera" <li...@toolazydogs.com>.
Yay!  Thanks!


Regards,
Alan

On Oct 15, 2010, at 3:28 PM, Les Hazlewood wrote:

> Hi Alan,
> 
> You should have commit rights again :)
> 
> Cheers,
> 
> Les
> 
> On Thu, Oct 14, 2010 at 1:09 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>> Not sure.  I would pester infra.
>> 
>> 
>> Regards,
>> Alan
>> 
>> On Oct 13, 2010, at 11:31 AM, Les Hazlewood wrote:
>> 
>>> Oops - yeah, I've been meaning to get to this per Craig's earlier
>>> email, sorry.  How do I go about getting this turned back on?  Is
>>> there some script I can run somewhere?
>>> 
>>> Cheers,
>>> 
>>> Les
>>> 
>>> On Tue, Oct 12, 2010 at 9:39 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>>> I think that we can use the Shiro filters as they exist.  All we need to do is add a Struts 2 interceptor for Shiro to inject the acquired Shiro subject into the value stack.  This Shiro subject can be used by login actions to check if a login was successful.
>>>> 
>>>> I was going to work out a sketch of the ideas in the sandbox but it seems that I no longer have my old commit privileges.  Could I have them re-instated?
>>>> 
>>>> 
>>>> Regards,
>>>> Alan
>>>> 
>>>> On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:
>>>> 
>>>>> Hi Alan,
>>>>> 
>>>>> I haven't used Struts (ever), so I won't be able to offer
>>>>> struts-specific advice.  But because it is a typical request/response
>>>>> MVC framework w/ servlets and JSPs (AIUI), just defining the
>>>>> IniShiroFilter in web.xml should be all that is necessary.
>>>>> 
>>>>> If it is not Spring-based and you want to use annotations, you'll
>>>>> probably need to enable the AspectJ support, otherwise,
>>>>> SecurityUtils.getSubject() will work fine.
>>>>> 
>>>>> For testing, I would use the Subject.Builder to mock Subject instances
>>>>> as necessary.  For example:
>>>>> 
>>>>> Subject mock = new
>>>>> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
>>>>> mock.execute( new Runnable() {
>>>>>    public void run() {
>>>>>        runSomeTestAsTheSubject();
>>>>>    }
>>>>> });
>>>>> 
>>>>> This guarantees thread cleanup.  You can also use the 'Manual
>>>>> Association' approach as covered in
>>>>> http://incubator.apache.org/shiro/subject.html by binding and clearing
>>>>> the ThreadState in the respective @Before and @After JUnit methods.
>>>>> The Runnable and/or Callable approach is my favorite because there is
>>>>> less to manage.
>>>>> 
>>>>> HTH!
>>>>> 
>>>>> --
>>>>> Les Hazlewood
>>>>> Founder, Katasoft, Inc.
>>>>> Application Security Products & Professional Apache Shiro Support and Training:
>>>>> http://www.katasoft.com
>>>>> 
>>>>> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>>>>> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>>>>>> 
>>>>>> 
>>>>>> Regards,
>>>>>> Alan
>>>>>> 
>>>>>> 
>> 
>> 


Re: Struts2 integration

Posted by Les Hazlewood <lh...@apache.org>.
Hi Alan,

You should have commit rights again :)

Cheers,

Les

On Thu, Oct 14, 2010 at 1:09 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
> Not sure.  I would pester infra.
>
>
> Regards,
> Alan
>
> On Oct 13, 2010, at 11:31 AM, Les Hazlewood wrote:
>
>> Oops - yeah, I've been meaning to get to this per Craig's earlier
>> email, sorry.  How do I go about getting this turned back on?  Is
>> there some script I can run somewhere?
>>
>> Cheers,
>>
>> Les
>>
>> On Tue, Oct 12, 2010 at 9:39 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>> I think that we can use the Shiro filters as they exist.  All we need to do is add a Struts 2 interceptor for Shiro to inject the acquired Shiro subject into the value stack.  This Shiro subject can be used by login actions to check if a login was successful.
>>>
>>> I was going to work out a sketch of the ideas in the sandbox but it seems that I no longer have my old commit privileges.  Could I have them re-instated?
>>>
>>>
>>> Regards,
>>> Alan
>>>
>>> On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:
>>>
>>>> Hi Alan,
>>>>
>>>> I haven't used Struts (ever), so I won't be able to offer
>>>> struts-specific advice.  But because it is a typical request/response
>>>> MVC framework w/ servlets and JSPs (AIUI), just defining the
>>>> IniShiroFilter in web.xml should be all that is necessary.
>>>>
>>>> If it is not Spring-based and you want to use annotations, you'll
>>>> probably need to enable the AspectJ support, otherwise,
>>>> SecurityUtils.getSubject() will work fine.
>>>>
>>>> For testing, I would use the Subject.Builder to mock Subject instances
>>>> as necessary.  For example:
>>>>
>>>> Subject mock = new
>>>> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
>>>> mock.execute( new Runnable() {
>>>>    public void run() {
>>>>        runSomeTestAsTheSubject();
>>>>    }
>>>> });
>>>>
>>>> This guarantees thread cleanup.  You can also use the 'Manual
>>>> Association' approach as covered in
>>>> http://incubator.apache.org/shiro/subject.html by binding and clearing
>>>> the ThreadState in the respective @Before and @After JUnit methods.
>>>> The Runnable and/or Callable approach is my favorite because there is
>>>> less to manage.
>>>>
>>>> HTH!
>>>>
>>>> --
>>>> Les Hazlewood
>>>> Founder, Katasoft, Inc.
>>>> Application Security Products & Professional Apache Shiro Support and Training:
>>>> http://www.katasoft.com
>>>>
>>>> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>>>> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>>>>>
>>>>>
>>>>> Regards,
>>>>> Alan
>>>>>
>>>>>
>
>

Re: Struts2 integration

Posted by "Alan D. Cabrera" <li...@toolazydogs.com>.
Not sure.  I would pester infra.


Regards,
Alan

On Oct 13, 2010, at 11:31 AM, Les Hazlewood wrote:

> Oops - yeah, I've been meaning to get to this per Craig's earlier
> email, sorry.  How do I go about getting this turned back on?  Is
> there some script I can run somewhere?
> 
> Cheers,
> 
> Les
> 
> On Tue, Oct 12, 2010 at 9:39 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>> I think that we can use the Shiro filters as they exist.  All we need to do is add a Struts 2 interceptor for Shiro to inject the acquired Shiro subject into the value stack.  This Shiro subject can be used by login actions to check if a login was successful.
>> 
>> I was going to work out a sketch of the ideas in the sandbox but it seems that I no longer have my old commit privileges.  Could I have them re-instated?
>> 
>> 
>> Regards,
>> Alan
>> 
>> On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:
>> 
>>> Hi Alan,
>>> 
>>> I haven't used Struts (ever), so I won't be able to offer
>>> struts-specific advice.  But because it is a typical request/response
>>> MVC framework w/ servlets and JSPs (AIUI), just defining the
>>> IniShiroFilter in web.xml should be all that is necessary.
>>> 
>>> If it is not Spring-based and you want to use annotations, you'll
>>> probably need to enable the AspectJ support, otherwise,
>>> SecurityUtils.getSubject() will work fine.
>>> 
>>> For testing, I would use the Subject.Builder to mock Subject instances
>>> as necessary.  For example:
>>> 
>>> Subject mock = new
>>> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
>>> mock.execute( new Runnable() {
>>>    public void run() {
>>>        runSomeTestAsTheSubject();
>>>    }
>>> });
>>> 
>>> This guarantees thread cleanup.  You can also use the 'Manual
>>> Association' approach as covered in
>>> http://incubator.apache.org/shiro/subject.html by binding and clearing
>>> the ThreadState in the respective @Before and @After JUnit methods.
>>> The Runnable and/or Callable approach is my favorite because there is
>>> less to manage.
>>> 
>>> HTH!
>>> 
>>> --
>>> Les Hazlewood
>>> Founder, Katasoft, Inc.
>>> Application Security Products & Professional Apache Shiro Support and Training:
>>> http://www.katasoft.com
>>> 
>>> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>>> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>>>> 
>>>> 
>>>> Regards,
>>>> Alan
>>>> 
>>>> 


Re: Struts2 integration

Posted by Les Hazlewood <lh...@apache.org>.
Oops - yeah, I've been meaning to get to this per Craig's earlier
email, sorry.  How do I go about getting this turned back on?  Is
there some script I can run somewhere?

Cheers,

Les

On Tue, Oct 12, 2010 at 9:39 PM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
> I think that we can use the Shiro filters as they exist.  All we need to do is add a Struts 2 interceptor for Shiro to inject the acquired Shiro subject into the value stack.  This Shiro subject can be used by login actions to check if a login was successful.
>
> I was going to work out a sketch of the ideas in the sandbox but it seems that I no longer have my old commit privileges.  Could I have them re-instated?
>
>
> Regards,
> Alan
>
> On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:
>
>> Hi Alan,
>>
>> I haven't used Struts (ever), so I won't be able to offer
>> struts-specific advice.  But because it is a typical request/response
>> MVC framework w/ servlets and JSPs (AIUI), just defining the
>> IniShiroFilter in web.xml should be all that is necessary.
>>
>> If it is not Spring-based and you want to use annotations, you'll
>> probably need to enable the AspectJ support, otherwise,
>> SecurityUtils.getSubject() will work fine.
>>
>> For testing, I would use the Subject.Builder to mock Subject instances
>> as necessary.  For example:
>>
>> Subject mock = new
>> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
>> mock.execute( new Runnable() {
>>    public void run() {
>>        runSomeTestAsTheSubject();
>>    }
>> });
>>
>> This guarantees thread cleanup.  You can also use the 'Manual
>> Association' approach as covered in
>> http://incubator.apache.org/shiro/subject.html by binding and clearing
>> the ThreadState in the respective @Before and @After JUnit methods.
>> The Runnable and/or Callable approach is my favorite because there is
>> less to manage.
>>
>> HTH!
>>
>> --
>> Les Hazlewood
>> Founder, Katasoft, Inc.
>> Application Security Products & Professional Apache Shiro Support and Training:
>> http://www.katasoft.com
>>
>> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>>> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>>>
>>>
>>> Regards,
>>> Alan
>>>
>>>

Re: Struts2 integration

Posted by "Alan D. Cabrera" <li...@toolazydogs.com>.
I think that we can use the Shiro filters as they exist.  All we need to do is add a Struts 2 interceptor for Shiro to inject the acquired Shiro subject into the value stack.  This Shiro subject can be used by login actions to check if a login was successful.

I was going to work out a sketch of the ideas in the sandbox but it seems that I no longer have my old commit privileges.  Could I have them re-instated?


Regards,
Alan

On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:

> Hi Alan,
> 
> I haven't used Struts (ever), so I won't be able to offer
> struts-specific advice.  But because it is a typical request/response
> MVC framework w/ servlets and JSPs (AIUI), just defining the
> IniShiroFilter in web.xml should be all that is necessary.
> 
> If it is not Spring-based and you want to use annotations, you'll
> probably need to enable the AspectJ support, otherwise,
> SecurityUtils.getSubject() will work fine.
> 
> For testing, I would use the Subject.Builder to mock Subject instances
> as necessary.  For example:
> 
> Subject mock = new
> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
> mock.execute( new Runnable() {
>    public void run() {
>        runSomeTestAsTheSubject();
>    }
> });
> 
> This guarantees thread cleanup.  You can also use the 'Manual
> Association' approach as covered in
> http://incubator.apache.org/shiro/subject.html by binding and clearing
> the ThreadState in the respective @Before and @After JUnit methods.
> The Runnable and/or Callable approach is my favorite because there is
> less to manage.
> 
> HTH!
> 
> -- 
> Les Hazlewood
> Founder, Katasoft, Inc.
> Application Security Products & Professional Apache Shiro Support and Training:
> http://www.katasoft.com
> 
> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
>> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>> 
>> 
>> Regards,
>> Alan
>> 
>> 
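
One way the interceptor idea in the message above could look, as an added example that is not from the original post or the Shiro sandbox. It assumes Struts 2.x (`com.opensymphony.xwork2`) and Shiro 1.x package names, and that the Shiro filter is mapped ahead of the Struts 2 filter in web.xml; `ShiroStruts2Example`, `SubjectAware`, `SubjectInterceptor`, `LoginAction` and the `shiroSubject` key are hypothetical names.

```java
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;

public final class ShiroStruts2Example {   // hypothetical holder so the example fits one file
    /** Hypothetical opt-in interface for actions that want the Subject injected. */
    public interface SubjectAware { void setSubject(Subject subject); }

    /** Runs in the Struts 2 interceptor stack. Assumption: the Shiro servlet filter
     *  ran first, so the Subject is already bound to the request thread. */
    public static class SubjectInterceptor extends AbstractInterceptor {
        @Override
        public String intercept(ActionInvocation invocation) throws Exception {
            Subject subject = SecurityUtils.getSubject();
            Object action = invocation.getAction();
            if (action instanceof SubjectAware) {
                ((SubjectAware) action).setSubject(subject);
            }
            // Also place it on the value stack under an assumed key name
            invocation.getStack().set("shiroSubject", subject);
            return invocation.invoke();
        }
    }

    /** Login action that picks its result from the injected Subject. */
    public static class LoginAction extends ActionSupport implements SubjectAware {
        private Subject subject;
        private String username, password;

        public void setSubject(Subject subject) { this.subject = subject; }
        public void setUsername(String username) { this.username = username; }
        public void setPassword(String password) { this.password = password; }

        @Override
        public String execute() {
            try {
                subject.login(new UsernamePasswordToken(username, password));
            } catch (AuthenticationException e) {
                // One generic message for every failure cause (unknown user, bad password, locked)
                addActionError("Login failed");
                return INPUT;
            }
            return subject.isAuthenticated() ? SUCCESS : INPUT;
        }
    }
}
```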


Re: Struts2 integration

Posted by Les Hazlewood <lh...@apache.org>.
Hi Alan,

I haven't used Struts (ever), so I won't be able to offer
struts-specific advice.  But because it is a typical request/response
MVC framework w/ servlets and JSPs (AIUI), just defining the
IniShiroFilter in web.xml should be all that is necessary.

If it is not Spring-based and you want to use annotations, you'll
probably need to enable the AspectJ support, otherwise,
SecurityUtils.getSubject() will work fine.

For testing, I would use the Subject.Builder to mock Subject instances
as necessary.  For example:

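// foo(..) and bar(...) stand in for whichever Subject.Builder settings the test needs
Subject mock = new Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
// execute() binds the Subject to the current thread only while run() executes
mock.execute( new Runnable() {
    public void run() {
        runSomeTestAsTheSubject();
    }
});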

This guarantees thread cleanup.  You can also use the 'Manual
Association' approach as covered in
http://incubator.apache.org/shiro/subject.html by binding and clearing
the ThreadState in the respective @Before and @After JUnit methods.
The Runnable and/or Callable approach is my favorite because there is
less to manage.

HTH!

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <li...@toolazydogs.com> wrote:
> I would like to integrate Shiro w/ a struts 2 setup.  Any advice before I dive in?
>
>
> Regards,
> Alan
>
>
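
The two test approaches from the message above side by side, as an added example that is not part of the original message or of the Shiro code base: manual ThreadState binding in @Before/@After, and `execute()` scoping a second Subject to one call. It assumes JUnit 4 and Shiro 1.x package names; the test class, realm name, account and password are constructed for illustration.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadState;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;

public class SubjectBindingTest {   // hypothetical test class
    private DefaultSecurityManager securityManager;
    private ThreadState threadState;

    @Before
    public void bindSubject() {
        // Constructed in-memory realm: one account "alice" holding the "admin" role
        SimpleAccountRealm realm = new SimpleAccountRealm("testRealm");
        realm.addAccount("alice", "constructed-password", "admin");
        securityManager = new DefaultSecurityManager(realm);
        Subject alice = new Subject.Builder(securityManager)
                .principals(new SimplePrincipalCollection("alice", "testRealm"))
                .authenticated(true)
                .buildSubject();
        threadState = new SubjectThreadState(alice);   // manual association
        threadState.bind();
    }

    @After
    public void clearSubject() {
        threadState.clear();   // otherwise alice stays bound on a reused thread
    }

    @Test
    public void boundSubjectIsWhatCodeUnderTestSees() {
        assertTrue(SecurityUtils.getSubject().hasRole("admin"));
    }

    @Test
    public void executeScopesAnotherSubjectToOneCall() {
        Subject anonymous = new Subject.Builder(securityManager).buildSubject();
        anonymous.execute(new Runnable() {
            public void run() { assertFalse(SecurityUtils.getSubject().isAuthenticated()); }
        });
        assertTrue(SecurityUtils.getSubject().isAuthenticated());   // alice is bound again
    }
}
```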