You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by minigold <km...@gmail.com> on 2013/06/09 13:31:29 UTC

Is shiro save to use for security layer of a SAAS web application ?

I am trying to implement the security layer in a SAAS application. I would
like to use shiro and want to make sure that shiro can meet our
application's requirement or not.

hello ! Is there such a kind of support in shiro.
for example.
I try to access to the page without logging in.
http://www.example.com/user/profile <http://www.example.com/user/profile>  
so it will be redirected to the login page again because I am not
authenticated yet. And I try to login with correct username and password. As
soon as after I login, it should redirect directly to the page (
http://www.example.com/user/profile <http://www.example.com/user/profile>  )
that I tried to reach before I login without going to the default login
success page( http://www.example.com/user/dashboard
<http://www.example.com/user/dashboard>  ).
What I want to ask is can I tell shiro to remember the link that the user
wanted to access and redirect directly to it right away after the user
login.

Thank you so much. Sorry if my english is not good enough to figure out what
I want to say.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Is-shiro-save-to-use-for-security-layer-of-a-SAAS-web-application-tp7578829.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Is shiro save to use for security layer of a SAAS web application ?

Posted by minigold <km...@gmail.com>.

Thank for your response and answer.
I will dig more into shiro. :)


On Mon, Jun 10, 2013 at 6:06 AM, Les Hazlewood-2 [via Shiro User] <
ml-node+s582556n7578831h89@n2.nabble.com> wrote:

> Most definitely! Stormpath (http://www.stormpath.com) - for example - is
> a User Management & Security SaaS secured by Shiro.  Large banks, stock
> exchanges, telcos and government organizations (and many others) use Shiro
> to secure many of their online apps as well.
>
> For your particular question, see Shiro's simple sample web app as an
> example:
> https://svn.apache.org/repos/asf/shiro/branches/1.2.x/samples/web/  It
> demonstrates the exact functionality you are asking about.
>
> HTH,
>
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>
> On Sun, Jun 9, 2013 at 4:31 AM, minigold <[hidden email]<http://user/SendEmail.jtp?type=node&node=7578831&i=0>
> > wrote:
>
>> I am trying to implement the security layer in a SAAS application. I would
>> like to use shiro and want to make sure that shiro can meet our
>> application's requirement or not.
>>
>> hello ! Is there such a kind of support in shiro.
>> for example.
>> I try to access to the page without logging in.
>> http://www.example.com/user/profile <http://www.example.com/user/profile>
>> so it will be redirected to the login page again because I am not
>> authenticated yet. And I try to login with correct username and password.
>> As
>> soon as after I login, it should redirect directly to the page (
>> http://www.example.com/user/profile <http://www.example.com/user/profile>
>>  )
>> that I tried to reach before I login without going to the default login
>> success page( http://www.example.com/user/dashboard
>> <http://www.example.com/user/dashboard>  ).
>> What I want to ask is can I tell shiro to remember the link that the user
>> wanted to access and redirect directly to it right away after the user
>> login.
>>
>> Thank you so much. Sorry if my english is not good enough to figure out
>> what
>> I want to say.
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Is-shiro-save-to-use-for-security-layer-of-a-SAAS-web-application-tp7578829.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
>
> ------------------------------
>  If you reply to this email, your message will be added to the discussion
> below:
>
> http://shiro-user.582556.n2.nabble.com/Is-shiro-save-to-use-for-security-layer-of-a-SAAS-web-application-tp7578829p7578831.html
>  To unsubscribe from Is shiro save to use for security layer of a SAAS web
> application ?, click here<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7578829&code=a21vbmt5YXdAZ21haWwuY29tfDc1Nzg4Mjl8NDg0MzYxOTg=>
> .
> NAML<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Is-shiro-save-to-use-for-security-layer-of-a-SAAS-web-application-tp7578829p7578832.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Is shiro save to use for security layer of a SAAS web application ?

Posted by Les Hazlewood <lh...@apache.org>.

Most definitely! Stormpath (http://www.stormpath.com) - for example - is a
User Management & Security SaaS secured by Shiro.  Large banks, stock
exchanges, telcos and government organizations (and many others) use Shiro
to secure many of their online apps as well.

For your particular question, see Shiro's simple sample web app as an
example: https://svn.apache.org/repos/asf/shiro/branches/1.2.x/samples/web/
It demonstrates the exact functionality you are asking about.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Sun, Jun 9, 2013 at 4:31 AM, minigold <km...@gmail.com> wrote:

> I am trying to implement the security layer in a SAAS application. I would
> like to use shiro and want to make sure that shiro can meet our
> application's requirement or not.
>
> hello ! Is there such a kind of support in shiro.
> for example.
> I try to access to the page without logging in.
> http://www.example.com/user/profile <http://www.example.com/user/profile>
> so it will be redirected to the login page again because I am not
> authenticated yet. And I try to login with correct username and password.
> As
> soon as after I login, it should redirect directly to the page (
> http://www.example.com/user/profile <http://www.example.com/user/profile>
>  )
> that I tried to reach before I login without going to the default login
> success page( http://www.example.com/user/dashboard
> <http://www.example.com/user/dashboard>  ).
> What I want to ask is can I tell shiro to remember the link that the user
> wanted to access and redirect directly to it right away after the user
> login.
>
> Thank you so much. Sorry if my english is not good enough to figure out
> what
> I want to say.
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Is-shiro-save-to-use-for-security-layer-of-a-SAAS-web-application-tp7578829.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>