Posted to user@shiro.apache.org by sudheer kumar komirishetty <ko...@gmail.com> on 2013/01/07 15:37:05 UTC
Session Management For SOAP/REST APIs
Hi,
I am a newbie to Shiro. I would like to know how I can achieve session
management for handling SOAP/REST calls.
Is there any sample project that I can refer to?
Thanks in Advance,
Sudheer.
Re: Session Management For SOAP/REST APIs
Posted by Paulo Pires <pj...@ubiwhere.com>.
With container session management, the client must provide the cookie
that the first request (usually log-in) returns.
PP
On 01/08/2013 04:49 AM, sudheer kumar komirishetty wrote:
> Thanks Paulo.
>
> One more question though: For a single REST / SOAP call we could rely
> on the container session or native shiro session, but how can we
> maintain a session across multiple REST/SOAP calls? Do we have to
> write our custom logic similar to ThreadContext that is provided by Shiro?
>
> Regards,
> Sudheer.
>
> On Mon, Jan 7, 2013 at 8:23 PM, Paulo Pires <pjpires@ubiwhere.com> wrote:
>
> Btw, shiro.ini is a little bit outdated, since I was using Shiro
> 1.2.0 which had a bug with password matching, temporarily fixed by
> Les (
> passwordMatcher=org.apache.shiro.authc.credential.TempFixPasswordMatcher).
> You can change to the original PasswordMatcher as this was fixed
> in 1.2.1.
>
> Also, I've simplified the datasource configuration in order to use
> a JDBC Resource from my container (through JNDI):
>
> ds = org.apache.shiro.jndi.JndiObjectFactory
> ds.resourceName = jdbc/myDS
>
> ## the actual authentication realm
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.authenticationQuery = SELECT password FROM public.USERS WHERE username = ?
> jdbcRealm.userRolesQuery = SELECT role_name FROM public.USERS_ROLES WHERE username = ?
> jdbcRealm.permissionsQuery = SELECT permission_name FROM public.ROLES_PERMISSIONS WHERE role_name = ?
> jdbcRealm.credentialsMatcher = $passwordMatcher
> jdbcRealm.dataSource=$ds
> securityManager.realms = $jdbcRealm
>
> PP
>
>
> On 01/07/2013 02:41 PM, Paulo Pires wrote:
>> You can use native Shiro session management or since it's a
>> webapp, your container session management facilities.
>>
>> I for one, use Shiro for authentication purposes but rely on the
>> container for session stuff, since it's easier to clusterize.
>>
>> Regarding examples, you'll find mine at
>> https://github.com/pires/simple-shiro-web-app
>>
>> PP
>>
>> On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty
>> wrote:
>>> Hi,
>>>
>>> I am a newbie to Shiro. I would like to know how I can achieve session
>>> management for handling SOAP/REST calls.
>>> Is there any sample project that I can refer to?
>>>
>>> Thanks in Advance,
>>> Sudheer.
>>
>>
>
>
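The cookie round trip described in the reply above, as an added example that is not part of the original thread or of the linked project: a Java 11+ client that logs in once and lets a CookieManager replay the session cookie on later calls. The in-process stub server, the /login and /api paths and the class name are constructed for illustration, and JSESSIONID is assumed as the cookie name because it is the servlet container default.

```java
import com.sun.net.httpserver.HttpServer;
import java.math.BigInteger;
import java.net.CookieManager;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse.BodyHandlers;
import java.security.SecureRandom;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
public class SessionCookieReplay {
    // Sends one request with an empty body and returns the HTTP status code.
    static int call(HttpClient client, String method, String url) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(url))
                .method(method, HttpRequest.BodyPublishers.noBody()).build();
        return client.send(req, BodyHandlers.discarding()).statusCode();
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the container: /login issues a session id, /api requires it.
        Set<String> sessions = ConcurrentHashMap.newKeySet();
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/login", ex -> {
            String id = new BigInteger(128, new SecureRandom()).toString(16); // unguessable id
            sessions.add(id);
            ex.getResponseHeaders().add("Set-Cookie", "JSESSIONID=" + id + "; Path=/; HttpOnly");
            ex.sendResponseHeaders(204, -1);
            ex.close();
        });
        server.createContext("/api", ex -> {
            String cookie = ex.getRequestHeaders().getFirst("Cookie");
            boolean known = cookie != null && cookie.startsWith("JSESSIONID=")
                    && sessions.contains(cookie.substring("JSESSIONID=".length()));
            ex.sendResponseHeaders(known ? 200 : 401, -1);
            ex.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        // Without a cookie store the login cookie is dropped, so later calls are anonymous.
        HttpClient stateless = HttpClient.newHttpClient();
        call(stateless, "POST", base + "/login");
        System.out.println("no cookie store: " + call(stateless, "GET", base + "/api"));
        // With a CookieManager the client sends the login cookie back on every later call.
        HttpClient stateful = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        call(stateful, "POST", base + "/login");
        System.out.println("cookie replayed: " + call(stateful, "GET", base + "/api"));
        server.stop(0);
    }
}
```

The session lives on the server; the only state the REST or SOAP client carries between calls is the cookie, so it should be sent over TLS and stored like a credential.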
Re: Session Management For SOAP/REST APIs
Posted by sudheer kumar komirishetty <ko...@gmail.com>.
Thanks Paulo.
One more question though: For a single REST / SOAP call we could rely on
the container session or native shiro session, but how can we maintain a
session across multiple REST/SOAP calls? Do we have to write our custom
logic similar to ThreadContext that is provided by Shiro?
Regards,
Sudheer.
On Mon, Jan 7, 2013 at 8:23 PM, Paulo Pires <pj...@ubiwhere.com> wrote:
> Btw, shiro.ini is a little bit outdated, since I was using Shiro 1.2.0
> which had a bug with password matching, temporarily fixed by Les (
> passwordMatcher = org.apache.shiro.authc.credential.TempFixPasswordMatcher).
> You can change to the original PasswordMatcher as this was fixed in 1.2.1.
>
> Also, I've simplified the datasource configuration in order to use a JDBC
> Resource from my container (through JNDI):
>
> ds = org.apache.shiro.jndi.JndiObjectFactory
> ds.resourceName = jdbc/myDS
>
> ## the actual authentication realm
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.authenticationQuery = SELECT password FROM public.USERS WHERE username = ?
> jdbcRealm.userRolesQuery = SELECT role_name FROM public.USERS_ROLES WHERE username = ?
> jdbcRealm.permissionsQuery = SELECT permission_name FROM public.ROLES_PERMISSIONS WHERE role_name = ?
> jdbcRealm.credentialsMatcher = $passwordMatcher
> jdbcRealm.dataSource=$ds
> securityManager.realms = $jdbcRealm
>
> PP
>
>
> On 01/07/2013 02:41 PM, Paulo Pires wrote:
>
> You can use native Shiro session management or since it's a webapp, your
> container session management facilities.
>
> I for one, use Shiro for authentication purposes but rely on the container
> for session stuff, since it's easier to clusterize.
>
> Regarding examples, you'll find mine at
> https://github.com/pires/simple-shiro-web-app
>
> PP
>
> On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty wrote:
>
> Hi,
>
> I am a newbie to Shiro. I would like to know how I can achieve session
> management for handling SOAP/REST calls.
> Is there any sample project that I can refer to?
>
> Thanks in Advance,
> Sudheer.
>
>
>
>
>
Re: Session Management For SOAP/REST APIs
Posted by Paulo Pires <pj...@ubiwhere.com>.
Btw, shiro.ini is a little bit outdated, since I was using Shiro 1.2.0
which had a bug with password matching, temporarily fixed by Les (
passwordMatcher=org.apache.shiro.authc.credential.TempFixPasswordMatcher).
You can change to the original PasswordMatcher as this was fixed in 1.2.1.
Also, I've simplified the datasource configuration in order to use a
JDBC Resource from my container (through JNDI):
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.resourceName = jdbc/myDS
## the actual authentication realm
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT password FROM public.USERS WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_name FROM public.USERS_ROLES WHERE username = ?
jdbcRealm.permissionsQuery = SELECT permission_name FROM public.ROLES_PERMISSIONS WHERE role_name = ?
jdbcRealm.credentialsMatcher = $passwordMatcher
jdbcRealm.dataSource=$ds
securityManager.realms = $jdbcRealm
PP
On 01/07/2013 02:41 PM, Paulo Pires wrote:
> You can use native Shiro session management or since it's a webapp,
> your container session management facilities.
>
> I for one, use Shiro for authentication purposes but rely on the
> container for session stuff, since it's easier to clusterize.
>
> Regarding examples, you'll find mine at
> https://github.com/pires/simple-shiro-web-app
>
> PP
>
> On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty wrote:
>> Hi,
>>
>> I am a newbie to Shiro. I would like to know how I can achieve session
>> management for handling SOAP/REST calls.
>> Is there any sample project that I can refer to?
>>
>> Thanks in Advance,
>> Sudheer.
>
>
Re: Session Management For SOAP/REST APIs
Posted by Paulo Pires <pj...@ubiwhere.com>.
You can use native Shiro session management or since it's a webapp,
your container session management facilities.
I for one, use Shiro for authentication purposes but rely on the
container for session stuff, since it's easier to clusterize.
Regarding examples, you'll find mine at
https://github.com/pires/simple-shiro-web-app
PP
On Mon 07 Jan 2013 02:37:05 PM WET, sudheer kumar komirishetty wrote:
> Hi,
>
> I am a newbie to Shiro. I would like to know how I can achieve session
> management for handling SOAP/REST calls.
> Is there any sample project that I can refer to?
>
> Thanks in Advance,
> Sudheer.