Posted to user@shiro.apache.org by Lutz Suhrbier <l....@bgbm.org> on 2012/12/11 13:13:10 UTC

Eclipse RAP integration

Hello,

I am trying to find the right way to integrate Shiro 1.2.1 within 
Eclipse RAP.
Actually, I have followed other recommendations to simply initialize 
Shiro within the RAP-OSGi Activator constructor like this.

Factory<SecurityManager> factory = new IniSecurityManagerFactory("file:path_to_shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);

At first glance, it appears to work fine, but when a user pushes the 
reload button in the browser, SecurityUtils.getSubject() appears to 
always create a new Subject instance and isAuthenticated() returns false.

What I already evaluated is that the servlet session id, which I can get 
with RWT.getRequest().getSession().getId(), remains identical, while the 
Subject.getSession().getId() has changed. Also, the 
SecurityUtils.getSubject() implementation appears to be bound to the 
current thread, so I think if a new request would be processed within 
another thread by the servlet container (Jetty 8, as included in Eclipse 
Juno here), it is logical that getSubject() cannot retrieve the former 
session info, because this is bound to another thread.

Has anybody managed to get Eclipse RAP and Shiro working properly 
together?

And, as I am quite new to all that OSGi and servlet container stuff, is 
there a way to configure Shiro filters or listeners so that they 
work out of the box within my Eclipse Juno environment?

Thanks
Lutz
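
The symptom described in the post above, reproduced outside a servlet container as an added example (not code from this thread or from the Shiro project). The user `alice`, its password and the class name are constructed for the illustration; it assumes shiro-core on the classpath and Java 8 or later, and shows that a second thread sees an unauthenticated Subject until the Subject is rebuilt from the session id and bound for the call.

```java
import java.io.Serializable;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

public class SubjectThreadBindingDemo {
    public static void main(String[] args) throws Exception {
        // Constructed in-memory configuration standing in for shiro.ini (sample user).
        Ini ini = new Ini();
        ini.setSectionProperty("users", "alice", "constructed-password");
        final SecurityManager sm = new IniSecurityManagerFactory(ini).getInstance();
        SecurityUtils.setSecurityManager(sm);

        // Two single-thread pools stand in for two servlet container request threads.
        ExecutorService requestA = Executors.newSingleThreadExecutor();
        ExecutorService requestB = Executors.newSingleThreadExecutor();
        try {
            // Request 1: log in; Shiro stores the authenticated state in its own session.
            Callable<Serializable> login = () -> {
                Subject s = SecurityUtils.getSubject();
                s.login(new UsernamePasswordToken("alice", "constructed-password"));
                return s.getSession().getId();
            };
            Serializable sessionId = requestA.submit(login).get();

            // Request 2 on another thread: no Subject is bound there, so getSubject()
            // builds a fresh anonymous one. This is the behaviour seen after a reload.
            Callable<Boolean> check = () -> SecurityUtils.getSubject().isAuthenticated();
            System.out.println("other thread, no binding: " + requestB.submit(check).get());

            // Rebuild the Subject from the session id and bind it to the thread only
            // while the callable runs; a Shiro servlet filter does this per request.
            Callable<Boolean> rebound = () -> new Subject.Builder(sm)
                    .sessionId(sessionId).buildSubject().execute(check);
            System.out.println("other thread, rebound:    " + requestB.submit(rebound).get());
        } finally {
            requestA.shutdown();
            requestB.shutdown();
        }
    }
}
```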



Re: Eclipse RAP integration

Posted by Lutz Suhrbier <l....@bgbm.org>.
Hi Jan,

even though you provided me no detailed instructions, your hint to 
register the Shiro filter as OSGi HttpService finally saved my day :-).
Now, several other postings I have read make sense and Shiro now works 
like a charm (using the deprecated IniShiroFilter()).

Currently, I did manage to register Shiro's EnvironmentLoaderListener() 
in order to use the now recommended ShiroFilter.
But maybe, there is somebody else out there, who could provide a hint on 
how to realise this ?


Here is a short description of what is needed to make it work:
First, you have to add dependencies on the following Equinox or OSGi bundles:
org.eclipse.equinox.http.servlet
org.eclipse.equinox.http.registry
org.eclipse.osgi.services

Finally, you have two options to do that:
1) Use the org.eclipse.equinox.http.registry.filters extension and 
configure the IniShiroFilter class and the configPath init-param
    <extension
          point="org.eclipse.equinox.http.registry.filters">
       <filter
             alias="/"
             class="org.apache.shiro.web.servlet.IniShiroFilter"
             load-on-startup="true">
          <init-param
                name="configPath"
                value="shiro.ini">
          </init-param>
       </filter>
    </extension>

2) Activate a ServiceTracker in the Activator's start method:

public void start(BundleContext context) throws Exception {
         logger.debug("Starting Bundle " + context.getBundle().getSymbolicName() + ".");
         super.start(context);
         logger.debug("Registering ShiroFilter ...");
         ExtendedHttpServiceTracker httpServiceTracker = new ExtendedHttpServiceTracker(context);
         httpServiceTracker.open();
}

Here is the simple ServiceTracker:

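import java.util.Arrays;
import java.util.Dictionary;
import java.util.Hashtable;

import javax.servlet.ServletException;

import org.apache.shiro.web.servlet.IniShiroFilter;
import org.eclipse.equinox.http.servlet.ExtendedHttpService;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.http.NamespaceException;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
// slf4j is assumed from the LoggerFactory.getLogger(...) call.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Registers Shiro's IniShiroFilter with every ExtendedHttpService that becomes available.
public class ExtendedHttpServiceTracker extends ServiceTracker {
     final static Logger logger = LoggerFactory.getLogger(ExtendedHttpServiceTracker.class);

     public ExtendedHttpServiceTracker(BundleContext context, ServiceTrackerCustomizer customizer) {
         super(context, ExtendedHttpService.class.getName(), customizer);
     }

     public ExtendedHttpServiceTracker(BundleContext context) {
         this(context, null);
     }

     public ExtendedHttpService getExtendedHttpService() {
         return (ExtendedHttpService) getService();
     }

     public ExtendedHttpService[] getExtendedHttpServices() {
         // getServices() returns Object[] (or null); a direct array cast would fail.
         Object[] services = getServices();
         if (services == null) {
             return new ExtendedHttpService[0];
         }
         return Arrays.copyOf(services, services.length, ExtendedHttpService[].class);
     }

     @Override
     public Object addingService(ServiceReference reference) {
         if (reference == null) {
             logger.error("registerShiroFilter(): serviceRef= " + reference);
             return null;
         }
         // Init parameters handed to IniShiroFilter; configPath points at shiro.ini.
         Dictionary<String, String> properties = new Hashtable<String, String>();
         properties.put("configPath", "file:/config/shiro.ini");

         ExtendedHttpService service = (ExtendedHttpService) context.getService(reference);
         try {
             service.registerFilter("/", new IniShiroFilter(), properties, null);
             // Log success only when registration did not throw.
             logger.info("Apache Shiro filter successfully registered to "
                     + context.getBundle().getSymbolicName() + ".");
         } catch (ServletException | NamespaceException e) {
             logger.error("Apache Shiro filter could NOT be registered to "
                     + context.getBundle().getSymbolicName() + ".", e);
         }
         return service;
     }

     @Override
     public void removedService(ServiceReference reference, Object service) {
         super.removedService(reference, service);
     }

}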

I hope somebody can put this in a more prominent place in the Shiro 
documentation.
It's quite a simple thing, but it was really hard and time-consuming to 
find the solution!

best regards
Lutz


> Hi Lutz,
>
> we are also using Apache Shiro with OSGi (Eclipse Equinox). What we do is register the Shiro filter with the OSGi HttpService.
> We use Blueprint and Shiro's Spring add-on to configure Shiro. With that setting we are very happy!
>
> I can't tell you how to configure Shiro in OSGi without using Blueprint though.
>
> Bye,
> Jan


Re: Eclipse RAP integration

Posted by Harald Wellmann <hw...@gmail.com>.
Initializing Shiro in an Activator won't have the desired effect.
Activators are run by the OSGi framework startup thread, not by an
HTTP request thread.

I'd recommend using shiro.ini and the usual settings in web.xml
documented for vanilla web applications.

Hope that helps,
Harald

2012/12/11 Jan Stamer <J....@pe-international.com>:
> Hi Lutz,
>
> we are also using Apache Shiro with OSGi (Eclipse Equinox). What we do is register the Shiro filter with the OSGi HttpService.
> We use Blueprint and Shiro's Spring add-on to configure Shiro. With that setting we are very happy!
>
> I can't tell you how to configure Shiro in OSGi without using Blueprint though.
>
> Bye,
> Jan

Re: Eclipse RAP integration

Posted by Jan Stamer <J....@pe-international.com>.
Hi Lutz,

we are also using Apache Shiro with OSGi (Eclipse Equinox). What we do is register the Shiro filter with the OSGi HttpService.
We use Blueprint and Shiro's Spring add-on to configure Shiro. With that setting we are very happy!

I can't tell you how to configure Shiro in OSGi without using Blueprint though.

Bye,
Jan
