Posted to dev@shiro.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2012/06/24 19:58:42 UTC

[jira] [Created] (SHIRO-372) provide some integration with wss4j

Romain Manni-Bucau created SHIRO-372:
----------------------------------------

             Summary: provide some integration with wss4j
                 Key: SHIRO-372
                 URL: https://issues.apache.org/jira/browse/SHIRO-372
             Project: Shiro
          Issue Type: Improvement
    Affects Versions: 1.2.0
            Reporter: Romain Manni-Bucau


A simple way to integrate shiro with wss4j is to extend the UsernameTokenValidator and add a login.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

[jira] [Commented] (SHIRO-372) provide some integration with wss4j

Posted by "Romain Manni-Bucau (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13409225#comment-13409225 ] 

Romain Manni-Bucau commented on SHIRO-372:
------------------------------------------

The Shiro validator proposed in the zip needs the clear password on the server side; to avoid that, the following implementation is fine:


import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

public class ShiroValidator extends UsernameTokenValidator {
    @Override
    protected void verifyPlaintextPassword(final UsernameToken usernameToken, RequestData data) throws WSSecurityException {
        final Subject subject = SecurityUtils.getSubject();
        try {
            login(subject, usernameToken.getName(), usernameToken.getPassword());
            logout(subject);
        } catch (AuthenticationException ae) {
            throw new WSSecurityException("can't log '" + usernameToken.getName() + "'");
        }

    }

    protected void login(final Subject subject, final String user, final String password) {
        if (subject.isAuthenticated()) {
            subject.logout();
        }

        subject.login(new UsernamePasswordToken(user, password.toCharArray()));
    }

    protected void logout(final Subject subject) {
        assert subject.isAuthenticated();
        // defined to be overridable if necessary, we should be able to call logout here
        // but often we want permission later in the same call
        // so for performances we don't call logout immediately
    }
}

                
> provide some integration with wss4j
> -----------------------------------
>
>                 Key: SHIRO-372
>                 URL: https://issues.apache.org/jira/browse/SHIRO-372
>             Project: Shiro
>          Issue Type: Improvement
>    Affects Versions: 1.2.0
>            Reporter: Romain Manni-Bucau
>         Attachments: shiro-wss4j.zip
>
>
> A simple way to integrate shiro with wss4j is to extend the UsernameTokenValidator and add a login.


        

[jira] [Updated] (SHIRO-372) provide some integration with wss4j

Posted by "Romain Manni-Bucau (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Romain Manni-Bucau updated SHIRO-372:
-------------------------------------

    Attachment: shiro-wss4j.zip

The provided patch contains a CDI LogOut interceptor, which should probably be moved somewhere else (CDI support module?), but it makes it easy to clean the current context after the invocation (simply by annotating with @LogOut). Another way to do it is to use CXF interceptors, but it is no more standard.
                

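
The cleanup step mentioned in the last comment, as an added example that is not part of the original thread and is not the code in shiro-wss4j.zip: ShiroValidator leaves the subject logged in after validation, so on a pooled worker thread the identity has to be removed once the invocation finishes or it can be seen by the next request served by that thread. The class name LogOutInterceptor and the nested LogOut binding are hypothetical; the sketch assumes the javax.interceptor API and Shiro 1.2.

```java
// File: LogOutInterceptor.java (hypothetical name, added example)
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InterceptorBinding;
import javax.interceptor.InvocationContext;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

@Interceptor
@LogOutInterceptor.LogOut
public class LogOutInterceptor {

    /** Hypothetical binding; the @LogOut in the attachment may be declared differently. */
    @InterceptorBinding
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface LogOut {
    }

    @AroundInvoke
    public Object logOutAfterInvocation(final InvocationContext ic) throws Exception {
        try {
            // Permission checks inside the business method still see the
            // subject that the WSS4J validator logged in earlier in this call.
            return ic.proceed();
        } finally {
            try {
                // Read the thread-bound subject directly so that no new
                // subject is created when none was bound.
                final Subject subject = ThreadContext.getSubject();
                if (subject != null && subject.isAuthenticated()) {
                    subject.logout();
                }
            } finally {
                // Runs even if logout() throws: drop everything Shiro bound
                // to this thread so the pool does not hand it to another caller.
                ThreadContext.remove();
            }
        }
    }
}
```

The interceptor only runs if it is listed under `<interceptors>` in the archive's beans.xml and the web service bean or method is annotated with the binding.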