Posted to user@shiro.apache.org by Anant Rao <ra...@yahoo.com> on 2014/09/01 17:03:27 UTC
AJAX
Hi,
I am a backend developer. Using Shiro, I implemented a form-based authenticator with SHA256 salted password hasher. All of this works great.
Now, the front-end developer says he is using angularJS and he's unable to mix form-based auth with the rest of his stuff and asked me to figure out if I can support AJAX based thing for Auth also.
I'm not familiar with the front-end technologies. Could you help me understand if Shiro supports such AJAX-based authentication.
Thanks!
Anant
Re: AJAX
Posted by Dominic Farr <do...@gmail.com>.
Sorry, correction, Auth0 wrote the AngularJS blog. Auth0 has nothing to do
with OAuth, the open standard for authorization.
I clearly need a coffee!
On 2 September 2014 08:17, Dominic Farr <do...@gmail.com> wrote:
> Not sure that makes sense. Basic authentication uses HTTP Headers, not
> cookies. See Here
> <http://en.wikipedia.org/wiki/Basic_access_authentication>
>
> Yes, Shiro can handle security for ajax stacks like AngularJS, but it all
> depends on your security requirements; Basic, Session based cookies,
> or Token based authentication (sometimes called Bearer Token.)
>
> OAuth did a nice break down for AngularJS and security, you can read that
> here
> <https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/>
>
> Best of luck.
>
> Dom
> On 2 Sep 2014 03:26, "Brian Demers" <br...@gmail.com> wrote:
>
>> You could use BASIC auth (and check for a cookie)
>>
>> -Brian
>>
>> On Sep 1, 2014, at 11:03 AM, Anant Rao <ra...@yahoo.com> wrote:
>>
>> Hi,
>>
>> I am a backend developer. Using Shiro, I implemented a form-based
>> authenticator with SHA256 salted password hasher. All of this works great.
>> Now, the front-end developer says he is using angularJS and he's unable
>> to mix form-based auth with the rest of his stuff and asked me to figure
>> out if I can support AJAX based thing for Auth also.
>>
>> I'm not familiar with the front-end technologies. Could you help me
>> understand if Shiro supports such AJAX-based authentication.
>> Thanks!
>> Anant
>>
>>
>>
Re: AJAX
Posted by Dominic Farr <do...@gmail.com>.
Fair enough; but I would not recommend that approach.
On 2 September 2014 13:30, Brian Demers <br...@gmail.com> wrote:
> My point was more the fact that you could use basic auth, and drop a
> cookie for the following requests. (Basically just replacing the form login)
>
>
>
> -Brian
>
> On Sep 2, 2014, at 3:17 AM, Dominic Farr <do...@gmail.com> wrote:
>
> Not sure that makes sense. Basic authentication uses HTTP Headers, not
> cookies. See Here
> <http://en.wikipedia.org/wiki/Basic_access_authentication>
>
> Yes, Shiro can handle security for ajax stacks like AngularJS, but it all
> depends on your security requirements; Basic, Session based cookies,
> or Token based authentication (sometimes called Bearer Token.)
>
> OAuth did a nice break down for AngularJS and security, you can read that
> here
> <https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/>
>
> Best of luck.
>
> Dom
> On 2 Sep 2014 03:26, "Brian Demers" <br...@gmail.com> wrote:
>
>> You could use BASIC auth (and check for a cookie)
>>
>> -Brian
>>
>> On Sep 1, 2014, at 11:03 AM, Anant Rao <ra...@yahoo.com> wrote:
>>
>> Hi,
>>
>> I am a backend developer. Using Shiro, I implemented a form-based
>> authenticator with SHA256 salted password hasher. All of this works great.
>> Now, the front-end developer says he is using angularJS and he's unable
>> to mix form-based auth with the rest of his stuff and asked me to figure
>> out if I can support AJAX based thing for Auth also.
>>
>> I'm not familiar with the front-end technologies. Could you help me
>> understand if Shiro supports such AJAX-based authentication.
>> Thanks!
>> Anant
>>
>>
>>
Re: AJAX
Posted by Brian Demers <br...@gmail.com>.
My point was more the fact that you could use basic auth, and drop a cookie for the following requests. (Basically just replacing the form login)
-Brian
> On Sep 2, 2014, at 3:17 AM, Dominic Farr <do...@gmail.com> wrote:
>
> Not sure that makes sense. Basic authentication uses HTTP Headers, not cookies. See Here
>
> Yes, Shiro can handle security for ajax stacks like AngularJS, but it all depends on your security requirements; Basic, Session based cookies, or Token based authentication (sometimes called Bearer Token.)
>
> OAuth did a nice break down for AngularJS and security, you can read that here
>
> Best of luck.
>
> Dom
>
>> On 2 Sep 2014 03:26, "Brian Demers" <br...@gmail.com> wrote:
>> You could use BASIC auth (and check for a cookie)
>>
>> -Brian
>>
>>> On Sep 1, 2014, at 11:03 AM, Anant Rao <ra...@yahoo.com> wrote:
>>>
>>> Hi,
>>>
>>> I am a backend developer. Using Shiro, I implemented a form-based authenticator with SHA256 salted password hasher. All of this works great.
>>> Now, the front-end developer says he is using angularJS and he's unable to mix form-based auth with the rest of his stuff and asked me to figure out if I can support AJAX based thing for Auth also.
>>>
>>> I'm not familiar with the front-end technologies. Could you help me understand if Shiro supports such AJAX-based authentication.
>>> Thanks!
>>> Anant
Re: AJAX
Posted by Dominic Farr <do...@gmail.com>.
Not sure that makes sense. Basic authentication uses HTTP Headers, not
cookies. See Here <http://en.wikipedia.org/wiki/Basic_access_authentication>
Yes, Shiro can handle security for ajax stacks like AngularJS, but it all
depends on your security requirements; Basic, Session based cookies,
or Token based authentication (sometimes called Bearer Token.)
OAuth did a nice break down for AngularJS and security, you can read that
here
<https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/>
Best of luck.
Dom
On 2 Sep 2014 03:26, "Brian Demers" <br...@gmail.com> wrote:
> You could use BASIC auth (and check for a cookie)
>
> -Brian
>
> On Sep 1, 2014, at 11:03 AM, Anant Rao <ra...@yahoo.com> wrote:
>
> Hi,
>
> I am a backend developer. Using Shiro, I implemented a form-based
> authenticator with SHA256 salted password hasher. All of this works great.
> Now, the front-end developer says he is using angularJS and he's unable to
> mix form-based auth with the rest of his stuff and asked me to figure out
> if I can support AJAX based thing for Auth also.
>
> I'm not familiar with the front-end technologies. Could you help me
> understand if Shiro supports such AJAX-based authentication.
> Thanks!
> Anant
>
>
>
Re: AJAX
Posted by Brian Demers <br...@gmail.com>.
You could use BASIC auth (and check for a cookie)
-Brian
> On Sep 1, 2014, at 11:03 AM, Anant Rao <ra...@yahoo.com> wrote:
>
> Hi,
>
> I am a backend developer. Using Shiro, I implemented a form-based authenticator with SHA256 salted password hasher. All of this works great.
> Now, the front-end developer says he is using angularJS and he's unable to mix form-based auth with the rest of his stuff and asked me to figure out if I can support AJAX based thing for Auth also.
>
> I'm not familiar with the front-end technologies. Could you help me understand if Shiro supports such AJAX-based authentication.
> Thanks!
> Anant
>
Re: AJAX
Posted by juan manuel rojas ronquillo <ju...@rhemsolutions.com>.
You can use the shiro API for user authentication
http://shiro.apache.org/authentication.html#Authentication-Authenticating%7B%7BSubjects%7D%7D
http://shiro.apache.org/authentication.html#Authentication-LoggingOut
Login

    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(
            username.getValue(), password.getValue());
    try {
        currentUser.login(token);
        // user logged in
    } catch (Exception e) {
        username.setValue("");
        password.setValue("");
        // not logged in
    }

Logout

    currentUser.logout();

Shiro.ini

The shiro filter "authc" redirects the user to a login url. If you don't
want redirection you should not use authc
http://shiro.apache.org/web.html#Web-DefaultFilters

    #authc.loginUrl = /login.jsp
    #authc.usernameParam = user
    #authc.passwordParam = pass
    #logout.redirectUrl = /login.jsp
    [urls]
    #The logout filter makes a redirection
    #/logout = logout, anon
    #/favicon.ico = anon
    #/logo.jpg = anon
    #/js/** =anon
    #/resources/** =anon
    #auth filter makes a redirection
    #/** = authc
2014-09-01 10:03 GMT-05:00 Anant Rao <ra...@yahoo.com>:
> Hi,
>
> I am a backend developer. Using Shiro, I implemented a form-based
> authenticator with SHA256 salted password hasher. All of this works great.
> Now, the front-end developer says he is using angularJS and he's unable to
> mix form-based auth with the rest of his stuff and asked me to figure out if
> I can support AJAX based thing for Auth also.
>
> I'm not familiar with the front-end technologies. Could you help me
> understand if Shiro supports such AJAX-based authentication.
> Thanks!
> Anant
>