Apache Shiro

[Alex Soto <as...@gmail.com>]

Hello,

I want to create an application using jax-rs2 and securized by using Apache
Shiro. Do you know any example on how to do this? I have read that you need
to create a filter, and listener and so on, but in case of jax-rs I don't
think it has much sense to do this and because we are under CDI we can
register the required classes using CDI instead of relying to web.xml.

Is there any way to do this?

Re: Apache Shiro

[Romain Manni-Bucau <rm...@gmail.com>]

Surely something for shiro list but I see nothing blocking, shiro
supports sessionless impl and is pluggable enough to use the token you
want (IIRC github has some oauth integration for instance)


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2014-11-19 11:15 GMT+01:00 Alex Soto <as...@gmail.com>:
> Yes, the problem is that we want to create a REST project and we want to
> use stateless security with tokens and I am not sure if we will be able to
> do this in Shiro in some easy way.
>
> El Wed Nov 19 2014 at 10:58:30 AM, Romain Manni-Bucau (<
> rmannibucau@gmail.com>) va escriure:
>
>> With JL we used a @Singleton @Startup to set up it. That said default
>> usage is great and using and using a localized "bridge" to CDI is the
>> most maintainable way to proceed ATM IMHO (ie using BeanProvider)
>>
>>
>> Romain Manni-Bucau
>> @rmannibucau
>> http://www.tomitribe.com
>> http://rmannibucau.wordpress.com
>> https://github.com/rmannibucau
>>
>>
>> 2014-11-19 10:48 GMT+01:00 Alex Soto <as...@gmail.com>:
>> > I have been reading and it seems that I will not be able to use it
>> without
>> > setting a filter in web.xml. Maybe I can create an ApplicationScope bean
>> > and create the DefaultSecuritymanager, but not sure if this is going to
>> > become unmaintainable or not.
>> >
>> > El Tue Nov 18 2014 at 4:20:35 PM, Alex Soto (<as...@gmail.com>) va
>> > escriure:
>> >
>> >> Thank you so much I will take a look :)
>> >>
>> >> El Tue Nov 18 2014 at 3:41:11 PM, Alexander Wagner (<
>> >> alexander.wagner@inside-m2m.de>) va escriure:
>> >>
>> >> Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
>> >>> > Am 18.11.2014 um 15:30 schrieb Alex Soto:
>> >>> >> Hello,
>> >>> >>
>> >>> >> I want to create an application using jax-rs2 and securized by using
>> >>> >> Apache
>> >>> >> Shiro. Do you know any example on how to do this? I have read that
>> you
>> >>> >> need
>> >>> >> to create a filter, and listener and so on, but in case of jax-rs I
>> >>> don't
>> >>> >> think it has much sense to do this and because we are under CDI we
>> can
>> >>> >> register the required classes using CDI instead of relying to
>> web.xml.
>> >>> >>
>> >>> >> Is there any way to do this?
>> >>> >>
>> >>> >
>> >>> > This might also be a good starting point:
>> >>> > https://cwiki.apache.org/confluence/display/SHIRO/
>> Session+Management#
>> >>> SessionManagement-StatelessApplications%28Sessionless%29
>> >>> >
>> >>> >
>> >>> > Best Regards
>> >>> > Alexander Wagner
>> >>> >
>> >>> ok its not cdi related;-)
>> >>>
>> >>>
>>

Re: Apache Shiro

[Alex Soto <as...@gmail.com>]

Yes, the problem is that we want to create a REST project and we want to
use stateless security with tokens and I am not sure if we will be able to
do this in Shiro in some easy way.

El Wed Nov 19 2014 at 10:58:30 AM, Romain Manni-Bucau (<
rmannibucau@gmail.com>) va escriure:

> With JL we used a @Singleton @Startup to set up it. That said default
> usage is great and using and using a localized "bridge" to CDI is the
> most maintainable way to proceed ATM IMHO (ie using BeanProvider)
>
>
> Romain Manni-Bucau
> @rmannibucau
> http://www.tomitribe.com
> http://rmannibucau.wordpress.com
> https://github.com/rmannibucau
>
>
> 2014-11-19 10:48 GMT+01:00 Alex Soto <as...@gmail.com>:
> > I have been reading and it seems that I will not be able to use it
> without
> > setting a filter in web.xml. Maybe I can create an ApplicationScope bean
> > and create the DefaultSecuritymanager, but not sure if this is going to
> > become unmaintainable or not.
> >
> > El Tue Nov 18 2014 at 4:20:35 PM, Alex Soto (<as...@gmail.com>) va
> > escriure:
> >
> >> Thank you so much I will take a look :)
> >>
> >> El Tue Nov 18 2014 at 3:41:11 PM, Alexander Wagner (<
> >> alexander.wagner@inside-m2m.de>) va escriure:
> >>
> >> Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
> >>> > Am 18.11.2014 um 15:30 schrieb Alex Soto:
> >>> >> Hello,
> >>> >>
> >>> >> I want to create an application using jax-rs2 and securized by using
> >>> >> Apache
> >>> >> Shiro. Do you know any example on how to do this? I have read that
> you
> >>> >> need
> >>> >> to create a filter, and listener and so on, but in case of jax-rs I
> >>> don't
> >>> >> think it has much sense to do this and because we are under CDI we
> can
> >>> >> register the required classes using CDI instead of relying to
> web.xml.
> >>> >>
> >>> >> Is there any way to do this?
> >>> >>
> >>> >
> >>> > This might also be a good starting point:
> >>> > https://cwiki.apache.org/confluence/display/SHIRO/
> Session+Management#
> >>> SessionManagement-StatelessApplications%28Sessionless%29
> >>> >
> >>> >
> >>> > Best Regards
> >>> > Alexander Wagner
> >>> >
> >>> ok its not cdi related;-)
> >>>
> >>>
>

Re: Apache Shiro

[Romain Manni-Bucau <rm...@gmail.com>]

With JL we used a @Singleton @Startup to set up it. That said default
usage is great and using and using a localized "bridge" to CDI is the
most maintainable way to proceed ATM IMHO (ie using BeanProvider)


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2014-11-19 10:48 GMT+01:00 Alex Soto <as...@gmail.com>:
> I have been reading and it seems that I will not be able to use it without
> setting a filter in web.xml. Maybe I can create an ApplicationScope bean
> and create the DefaultSecuritymanager, but not sure if this is going to
> become unmaintainable or not.
>
> El Tue Nov 18 2014 at 4:20:35 PM, Alex Soto (<as...@gmail.com>) va
> escriure:
>
>> Thank you so much I will take a look :)
>>
>> El Tue Nov 18 2014 at 3:41:11 PM, Alexander Wagner (<
>> alexander.wagner@inside-m2m.de>) va escriure:
>>
>> Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
>>> > Am 18.11.2014 um 15:30 schrieb Alex Soto:
>>> >> Hello,
>>> >>
>>> >> I want to create an application using jax-rs2 and securized by using
>>> >> Apache
>>> >> Shiro. Do you know any example on how to do this? I have read that you
>>> >> need
>>> >> to create a filter, and listener and so on, but in case of jax-rs I
>>> don't
>>> >> think it has much sense to do this and because we are under CDI we can
>>> >> register the required classes using CDI instead of relying to web.xml.
>>> >>
>>> >> Is there any way to do this?
>>> >>
>>> >
>>> > This might also be a good starting point:
>>> > https://cwiki.apache.org/confluence/display/SHIRO/Session+Management#
>>> SessionManagement-StatelessApplications%28Sessionless%29
>>> >
>>> >
>>> > Best Regards
>>> > Alexander Wagner
>>> >
>>> ok its not cdi related;-)
>>>
>>>

Re: Apache Shiro

[Alex Soto <as...@gmail.com>]

I have been reading and it seems that I will not be able to use it without
setting a filter in web.xml. Maybe I can create an ApplicationScope bean
and create the DefaultSecuritymanager, but not sure if this is going to
become unmaintainable or not.

El Tue Nov 18 2014 at 4:20:35 PM, Alex Soto (<as...@gmail.com>) va
escriure:

> Thank you so much I will take a look :)
>
> El Tue Nov 18 2014 at 3:41:11 PM, Alexander Wagner (<
> alexander.wagner@inside-m2m.de>) va escriure:
>
> Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
>> > Am 18.11.2014 um 15:30 schrieb Alex Soto:
>> >> Hello,
>> >>
>> >> I want to create an application using jax-rs2 and securized by using
>> >> Apache
>> >> Shiro. Do you know any example on how to do this? I have read that you
>> >> need
>> >> to create a filter, and listener and so on, but in case of jax-rs I
>> don't
>> >> think it has much sense to do this and because we are under CDI we can
>> >> register the required classes using CDI instead of relying to web.xml.
>> >>
>> >> Is there any way to do this?
>> >>
>> >
>> > This might also be a good starting point:
>> > https://cwiki.apache.org/confluence/display/SHIRO/Session+Management#
>> SessionManagement-StatelessApplications%28Sessionless%29
>> >
>> >
>> > Best Regards
>> > Alexander Wagner
>> >
>> ok its not cdi related;-)
>>
>>

Re: Apache Shiro

[Alex Soto <as...@gmail.com>]

Thank you so much I will take a look :)

El Tue Nov 18 2014 at 3:41:11 PM, Alexander Wagner (<
alexander.wagner@inside-m2m.de>) va escriure:

> Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
> > Am 18.11.2014 um 15:30 schrieb Alex Soto:
> >> Hello,
> >>
> >> I want to create an application using jax-rs2 and securized by using
> >> Apache
> >> Shiro. Do you know any example on how to do this? I have read that you
> >> need
> >> to create a filter, and listener and so on, but in case of jax-rs I
> don't
> >> think it has much sense to do this and because we are under CDI we can
> >> register the required classes using CDI instead of relying to web.xml.
> >>
> >> Is there any way to do this?
> >>
> >
> > This might also be a good starting point:
> > https://cwiki.apache.org/confluence/display/SHIRO/Session+Management#
> SessionManagement-StatelessApplications%28Sessionless%29
> >
> >
> > Best Regards
> > Alexander Wagner
> >
> ok its not cdi related;-)
>
>

Re: Apache Shiro

[Alexander Wagner <al...@inside-m2m.de>]

Am 18.11.2014 um 15:39 schrieb Alexander Wagner:
> Am 18.11.2014 um 15:30 schrieb Alex Soto:
>> Hello,
>>
>> I want to create an application using jax-rs2 and securized by using
>> Apache
>> Shiro. Do you know any example on how to do this? I have read that you
>> need
>> to create a filter, and listener and so on, but in case of jax-rs I don't
>> think it has much sense to do this and because we are under CDI we can
>> register the required classes using CDI instead of relying to web.xml.
>>
>> Is there any way to do this?
>>
>
> This might also be a good starting point:
> https://cwiki.apache.org/confluence/display/SHIRO/Session+Management#SessionManagement-StatelessApplications%28Sessionless%29
>
>
> Best Regards
> Alexander Wagner
>
ok its not cdi related;-)

Re: Apache Shiro

[Alexander Wagner <al...@inside-m2m.de>]

Am 18.11.2014 um 15:30 schrieb Alex Soto:
> Hello,
>
> I want to create an application using jax-rs2 and securized by using Apache
> Shiro. Do you know any example on how to do this? I have read that you need
> to create a filter, and listener and so on, but in case of jax-rs I don't
> think it has much sense to do this and because we are under CDI we can
> register the required classes using CDI instead of relying to web.xml.
>
> Is there any way to do this?
>

This might also be a good starting point: 
https://cwiki.apache.org/confluence/display/SHIRO/Session+Management#SessionManagement-StatelessApplications%28Sessionless%29

Best Regards
Alexander Wagner

Re: Apache Shiro

[Romain Manni-Bucau <rm...@gmail.com>]

hi Alex

I know pax has some support
https://ops4j1.jira.com/wiki/display/PAXSHIRO/CDI+Support

not sure why my patch was not accepted yet
https://issues.apache.org/jira/browse/SHIRO-337


Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau


2014-11-18 15:30 GMT+01:00 Alex Soto <as...@gmail.com>:
> Hello,
>
> I want to create an application using jax-rs2 and securized by using Apache
> Shiro. Do you know any example on how to do this? I have read that you need
> to create a filter, and listener and so on, but in case of jax-rs I don't
> think it has much sense to do this and because we are under CDI we can
> register the required classes using CDI instead of relying to web.xml.
>
> Is there any way to do this?