You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by ipas <mi...@gmail.com> on 2012/06/09 10:22:27 UTC
JAX-WS services and shiro.
Hi, How to use shiro to secure JAX-WS services? Is there any way to
integrate shiro with WS-Security or use instead of it?
Thank you.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/JAX-WS-services-and-shiro-tp7577486.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: JAX-WS services and shiro.
Posted by Kalle Korhonen <ka...@gmail.com>.
On Sat, Jun 9, 2012 at 6:15 AM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:
> Rest and SOAP WS are not the same thing. I use Shiro to secure REST WS as well, but this is not the original question.
> I too am looking for a solution to secure SOAP web services with Shiro but have yet to find one.
You can certainly secure the SOAP endpoint with an URL-based security
configuration. On the client side, you need a SOAP client
implementation that allows supplying custom http headers. Nowadays
most do, I've done this type of securing with Axis, XFire and CXF in
the past. Consider whether you really need WS security, since using it
comes with heavy performance penalty (e.g.
http://en.wikipedia.org/wiki/WS-Security).
Kalle
>
>
> On Jun 9, 2012, at 8:02 AM, Paulo Pires <pj...@ubiwhere.com> wrote:
>
>> I use Shiro to replace WS-Security.
>>
>> Simply, I create my REST WS and put annotations like
>> @RequiresAuthentication or @RequiresRole (don't forget to check on using
>> aspects for annotation support) and then define in shiro.ini the paths
>> and respective filters, like:
>>
>> [urls]
>> /rest/auth = ssl, rest
>> /rest/admin = ssl, rest
>>
>> And that's it so far. /rest/auth authenticates and returns a cookie than
>> it's sent on every other request. if you don't set it, for instance,
>> when reaching /rest/admin which @RequiresAuthentication, you'll receive
>> an 500 error. I'd like to have 401 or 403 but I'm not sure how to do it,
>> yet.
>>
>> Cheers,
>> PP
>>
>> On 09/06/12 09:22, ipas wrote:
>>> Hi, How to use shiro to secure JAX-WS services? Is there any way to
>>> integrate shiro with WS-Security or use instead of it?
>>>
>>> Thank you.
>>>
>>> --
>>> View this message in context: http://shiro-user.582556.n2.nabble.com/JAX-WS-services-and-shiro-tp7577486.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>> --
>> Paulo Pires
>>
Re: JAX-WS services and shiro.
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Rest and SOAP WS are not the same thing. I use Shiro to secure REST WS as well, but this is not the original question.
I too am looking for a solution to secure SOAP web services with Shiro but have yet to find one.
On Jun 9, 2012, at 8:02 AM, Paulo Pires <pj...@ubiwhere.com> wrote:
> I use Shiro to replace WS-Security.
>
> Simply, I create my REST WS and put annotations like
> @RequiresAuthentication or @RequiresRole (don't forget to check on using
> aspects for annotation support) and then define in shiro.ini the paths
> and respective filters, like:
>
> [urls]
> /rest/auth = ssl, rest
> /rest/admin = ssl, rest
>
> And that's it so far. /rest/auth authenticates and returns a cookie than
> it's sent on every other request. if you don't set it, for instance,
> when reaching /rest/admin which @RequiresAuthentication, you'll receive
> an 500 error. I'd like to have 401 or 403 but I'm not sure how to do it,
> yet.
>
> Cheers,
> PP
>
> On 09/06/12 09:22, ipas wrote:
>> Hi, How to use shiro to secure JAX-WS services? Is there any way to
>> integrate shiro with WS-Security or use instead of it?
>>
>> Thank you.
>>
>> --
>> View this message in context: http://shiro-user.582556.n2.nabble.com/JAX-WS-services-and-shiro-tp7577486.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>
> --
> Paulo Pires
>
Re: JAX-WS services and shiro.
Posted by Paulo Pires <pj...@ubiwhere.com>.
I use Shiro to replace WS-Security.
Simply, I create my REST WS and put annotations like
@RequiresAuthentication or @RequiresRole (don't forget to check on using
aspects for annotation support) and then define in shiro.ini the paths
and respective filters, like:
[urls]
/rest/auth = ssl, rest
/rest/admin = ssl, rest
And that's it so far. /rest/auth authenticates and returns a cookie than
it's sent on every other request. if you don't set it, for instance,
when reaching /rest/admin which @RequiresAuthentication, you'll receive
an 500 error. I'd like to have 401 or 403 but I'm not sure how to do it,
yet.
Cheers,
PP
On 09/06/12 09:22, ipas wrote:
> Hi, How to use shiro to secure JAX-WS services? Is there any way to
> integrate shiro with WS-Security or use instead of it?
>
> Thank you.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/JAX-WS-services-and-shiro-tp7577486.html
> Sent from the Shiro User mailing list archive at Nabble.com.
--
Paulo Pires