Posted to dev@shiro.apache.org by "Romain Manni-Bucau (JIRA)" <ji...@apache.org> on 2012/06/24 19:58:42 UTC
[jira] [Created] (SHIRO-372) provide some integration with wss4j
Romain Manni-Bucau created SHIRO-372:
----------------------------------------
Summary: provide some integration with wss4j
Key: SHIRO-372
URL: https://issues.apache.org/jira/browse/SHIRO-372
Project: Shiro
Issue Type: Improvement
Affects Versions: 1.2.0
Reporter: Romain Manni-Bucau
A simple way to integrate shiro with wss4j is to extend the UsernameTokenValidator and add a login.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SHIRO-372) provide some integration with wss4j
Posted by "Romain Manni-Bucau (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13409225#comment-13409225 ]
Romain Manni-Bucau commented on SHIRO-372:
------------------------------------------
The Shiro validator proposed in the zip needs the clear password on the server side; to avoid that, the following implementation is fine:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.UsernameTokenValidator;

// Delegates the plaintext UsernameToken check to Shiro's Subject.login().
public class ShiroValidator extends UsernameTokenValidator {
    @Override
    protected void verifyPlaintextPassword(final UsernameToken usernameToken, RequestData data) throws WSSecurityException {
        final Subject subject = SecurityUtils.getSubject();
        try {
            login(subject, usernameToken.getName(), usernameToken.getPassword());
            logout(subject);
        } catch (AuthenticationException ae) {
            throw new WSSecurityException("can't log '" + usernameToken.getName() + "'");
        }
    }

    protected void login(final Subject subject, final String user, final String password) {
        // drop any identity already attached to the current subject before logging in
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        subject.login(new UsernamePasswordToken(user, password.toCharArray()));
    }

    protected void logout(final Subject subject) {
        assert subject.isAuthenticated();
        // defined to be overridable if necessary, we should be able to call logout here
        // but often we want permission later in the same call
        // so for performance we don't call logout immediately
    }
}

> provide some integration with wss4j
> -----------------------------------
>
> Key: SHIRO-372
> URL: https://issues.apache.org/jira/browse/SHIRO-372
> Project: Shiro
> Issue Type: Improvement
> Affects Versions: 1.2.0
> Reporter: Romain Manni-Bucau
> Attachments: shiro-wss4j.zip
>
>
> A simple way to integrate shiro with wss4j is to extend the UsernameTokenValidator and add a login.
[jira] [Updated] (SHIRO-372) provide some integration with wss4j
Posted by "Romain Manni-Bucau (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Romain Manni-Bucau updated SHIRO-372:
-------------------------------------
Attachment: shiro-wss4j.zip
The provided patch contains a CDI LogOut interceptor which should probably be moved somewhere else (CDI support module?), but it allows the current context to be cleaned easily (simply by annotating with @LogOut) after the invocation (another way to do it is to use CXF interceptors, but it is no more standard).
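The cleanup step described in the update above matters because ShiroValidator leaves the Subject logged in on the worker thread once validation succeeds. The following is an added example of a CDI interceptor bound to an @LogOut annotation, not the code contained in shiro-wss4j.zip; the LogOutInterceptor class name and the use of Shiro's ThreadContext are assumptions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InterceptorBinding;
import javax.interceptor.InvocationContext;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

// Binding annotation: placed on the web-service bean or method to clean up after.
// (In a real project each type would be public and live in its own file.)
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface LogOut {
}

// Hypothetical interceptor (assumed name). With CDI 1.0 it also has to be
// listed under <interceptors> in beans.xml to be active.
@LogOut
@Interceptor
class LogOutInterceptor {
    @AroundInvoke
    public Object logoutAfterCall(final InvocationContext ic) throws Exception {
        try {
            // The business method runs while the Subject authenticated by
            // ShiroValidator is still available for permission checks.
            return ic.proceed();
        } finally {
            // ThreadContext.getSubject() returns null instead of creating a
            // new Subject when nothing is bound to this thread.
            final Subject subject = ThreadContext.getSubject();
            try {
                if (subject != null) {
                    subject.logout();
                }
            } finally {
                // Always clear the thread-bound state, even if logout() fails,
                // so a pooled thread never carries this identity into the
                // next request it serves.
                ThreadContext.remove();
            }
        }
    }
}
```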