You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by manitas <ma...@gmail.com> on 2011/08/10 19:13:00 UTC
Guice + shiro + jersey
Hello
I'm a beginner with shiro and I I've tried to follow the documentation
related to guice + shiro but I've the following error
java.lang.NoClassDefFoundError: com/google/inject/multibindings/Multibinder
at org.apache.shiro.guice.ShiroModule.bindRealm
I'm using
guice 3
shiro 1.2 snapshot
jersey 1.8
in tomcat 7
I'm trying to expose MyDataResource with Jersey REST framework. It has
stopped working since I'v tried to add shiro.
I'm certainly missing something but I don't know what.
here is my code :
****************************************
public class MyGuiceServletContextListener extends
GuiceServletContextListener {
private ServletContext servletContext;
@Override
protected Injector getInjector() {
Injector injector = Guice.createInjector(new
MyShiroWebModule(servletContext), new ShiroAopModule(), new
JerseyServletModule() {
@Override
protected void configureServlets() {
bind(MyDataResource.class);
serve("/*").with(GuiceContainer.class);
}
});
return injector;
}
@Override
public void contextInitialized(ServletContextEvent servletContextEvent)
{
servletContext = servletContextEvent.getServletContext();
super.contextInitialized(servletContextEvent);
}
}
*****************************
class MyShiroWebModule extends ShiroWebModule {
MyShiroWebModule(ServletContext servletContext) {
super(servletContext);
}
protected void configureShiroWeb() {
bindRealm().to(MyShiroRealm.class).in(Singleton.class);
addFilterChain("/**", ANON);
addFilterChain("/data/add/**", AUTHC_BASIC, config(PERMS, "yes"));
}
}
****************************************
public class MyShiroRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
if (username == null) {
throw new AccountException("Null usernames are not allowed by this
realm.");
}
String password = "password";
return new SimpleAuthenticationInfo(username, password, this.getName());
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument
cannot be null.");
}
String username = (String)
principals.fromRealm(getName()).iterator().next();
Set<String> roleNames = ImmutableSet.of();
if (username != null) {
roleNames = ImmutableSet.of("admin", "user");
}
return new SimpleAuthorizationInfo(roleNames);
}
}
***************************************************
Thanks in advance for your help.
By the way, Is there somewhere on internet a complete example of
ShiroWebModule usage ?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6673315.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Kalle Korhonen <ka...@gmail.com>.
On Fri, Aug 12, 2011 at 10:29 AM, manitas <ma...@gmail.com> wrote:
> Maybe I can try to help you to do this demo application.
> To follow your advice, I'm trying to start developping it with maven but the
> following artifact doesn't work for me :
> I've the following error :
> ArtifactDescriptorException: Failed to read artifact descriptor for
> org.apache.shiro:shiro-core:jar:1.2.0-SNAPSHOT: ArtifactResolutionException:
> Could not transfer artifact org.apache.shiro:shiro-core:pom:1.2.0-SNAPSHOT
> from/to maven-repository.java.net (http://download.java.net/maven/1): No
> Do I need to add a particular repository ?
Maven built Apache snapshots are in Apache snapshot repository:
https://repository.apache.org/content/groups/snapshots/
Kalle
Re: Guice + shiro + jersey
Posted by manitas <ma...@gmail.com>.
Ok thanks, let's take one example that doesn't work for me with
guice-persist. In fact I need to inject an entity manager into my realm so
that I can use JPA queries.
I don't know if you're familiar with guice-persist but it's normally quite
easy to use it by only adding a module (by the way, this new module extends
AbstractModule, so it's not a PrivateModule)
Here is the short doc :
http://code.google.com/p/google-guice/wiki/JPA
As ShiroWebModule doesn't extend ServletModule i can't use this code :
filter("/*").through(PersistFilter.class);
so I will use "MyInitializer" method described in the doc
So here is what I have in MyServletContextListener
******************
@Override
protected Injector getInjector() {
Injector injector = Guice.createInjector(
new JpaPersistModule("mydb"),
new MyShiroWebModule(servletContext),
new ShiroAopModule(),
new myModule()
);
injector.getInstance(MyInitializer.class);
return injector;
}
******************
in MyInitializer
******************
public class MyInitializer {
@Inject MyInitializer(PersistService service) {
service.start();
}
}
******************
in my ShiroRealm
******************
public class MyShiroRealm extends AuthorizingRealm {
@Inject EntityManager em;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
.....
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals) {
...
}
}
******************
in MyShiroWebModule
******************
protected void configureShiroWeb() {
bind(MyShiroRealm.class);
bindRealm().to(MyShiroRealm.class).in(Singleton.class);
expose(MyShiroRealm.class);
...
}
******************
So my problem is that the injection work for class located in MyModule which
is extending an AbstractModule but not for MyShiroRealm binded in
MySHiroWebModule.
Thanks in advance for your help.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6706207.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
On 08/17/2011 10:11 AM, manitas wrote:
> Great investigation ! I hope this will solve the "deprecated api" issue.
Well, the fact remains that we need access to the ServletContext in
singletons, and guice-servlet doesn't provide a ServletContext (w/o the
warning) until after singletons are instantiated. So we have to provide
one.
That being said, I consider the "deprecated api" issue to be resolved -
there is a solution for it in svn and the warnings don't appear anymore.
> I've another issue due to the fact that ShiroModule is a private module. I
> do not know how to expose one of my custom realm. I need to inject some
> elements in it from another module.
Does expose(MyCustomRealm1.class) not work for you? In addition, if you
need to inject elements into it, then it doesn't need to be exposed at
all - it has full access to anything outside of ShiroModule (provided
those things aren't also in a PrivateModule). The dependency is what
needs to be exposed.
> I've seen that there is a work around but I'm sure to know how to use it in
> that case :
> http://markmail.org/message/pvjcz5akerw3ynae#query:+page:1+mid:pvjcz5akerw3ynae+state:results
> maybe you can help me on that point.
Do you need the list? Or do you need specific realms?
> Another point I've seen in the ShiroModule code is that you encapsulate
> guice multibinding mechanism in the bindRealm() function. IMHO, I'm not sure
> this is a good idea because end users need to know which mechanism is used
> behind. I think that the main goal of the shiro-guice library is to
> encapsulate internal configuration of shiro but not guice mechanisms and
> particularly on this part directly used by the end users.
The bindRealm method encapsulates how realms are provided to the
SecurityManager. The fact that it uses Multibinder is an implementation
detail that I'd rather not expose.
If you really need access to the collection of realms, I recommend
binding to:
Collection<Realm>
You would also need to expose that key if you needed access to it
outside of Shiro.
Just so that you know, this is what I meant by encouraging good
practices. The Realm is an interface whose primary purpose is to be
implemented by the end user and consumed by the framework. The intended
manner of interacting with the framework is through the SecurityManager.
That being said, I fully understand that some situations call for using
the framework slightly different than intended and that good practices
rightfully fall victim to the realities of a situation. That's why I am
more than happy to help you figure out what you need to get your
application working but I don't feel it is how we should set things up
by default.
Thanks,
Jared
Re: Guice + shiro + jersey
Posted by manitas <ma...@gmail.com>.
Great investigation ! I hope this will solve the "deprecated api" issue.
I've another issue due to the fact that ShiroModule is a private module. I
do not know how to expose one of my custom realm. I need to inject some
elements in it from another module.
I've seen that there is a work around but I'm sure to know how to use it in
that case :
http://markmail.org/message/pvjcz5akerw3ynae#query:+page:1+mid:pvjcz5akerw3ynae+state:results
maybe you can help me on that point.
Another point I've seen in the ShiroModule code is that you encapsulate
guice multibinding mechanism in the bindRealm() function. IMHO, I'm not sure
this is a good idea because end users need to know which mechanism is used
behind. I think that the main goal of the shiro-guice library is to
encapsulate internal configuration of shiro but not guice mechanisms and
particularly on this part directly used by the end users.
I don't think that end users that choose to use guice will be afraid to
write :
Multibinder<Realm> multibinder = Multibinder.newSetBinder(binder(),
Realm.class);
multibinder.addBinding().to(MyCustomRealm1);
multibinder.addBinding().to(MyCustomRealm2);
Thanks in advance for your help.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6695831.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by ryannelsonaz <mw...@hotmail.com>.
Jared, let me know if you run into any issues on the copyright front. The
code can easily be reworked if necessary.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6688384.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Filipe Sousa <na...@gmail.com>.
The warning comes from here (InternalServletModule.java):
@Singleton
static class BackwardsCompatibleServletContextProvider implements
Provider<ServletContext> {
private ServletContext injectedServletContext;
// This setter is called by the GuiceServletContextListener
void set(ServletContext injectedServletContext) {
this.injectedServletContext = injectedServletContext;
}
public ServletContext get() {
if (null != injectedServletContext) {
return injectedServletContext;
}
Logger.getLogger(InternalServletModule.class.getName())
.warning("You are attempting to use a deprecated API (specifically,"
+ " attempting to @Inject ServletContext inside an eagerly created"
+ " singleton. While we allow this for backwards compatibility, be"
+ " warned that this MAY have unexpected behavior if you have more"
+ " than one injector (with ServletModule) running in the same JVM."
+ " Please consult the Guice documentation at"
+ " http://code.google.com/p/google-guice/wiki/Servlets for more"
+ " information.");
return GuiceFilter.getServletContext();
}
}
The setter is called by the GuiceServletContextListener:
Injector injector = getInjector();
injector.getInstance(InternalServletModule.BackwardsCompatibleServletContextProvider.class)
.set(servletContext);
It seems that binding TestServlet.class in configureServlets() is
calling BackwardsCompatibleServletContextProvider.get() before
BackwardsCompatibleServletContextProvider.set() and hence the warning.
Injecting a ServletContext with a provider should not trigger the warning:
Provider<ServletContext> serlvetContext
On Tue, Aug 16, 2011 at 2:35 PM, Jared Bunting
<ja...@peachjean.com> wrote:
> Actually, this deserves a touch more investigation. You are correct, in
> your code, even changing Stage.DEVELOPMENT to Stage.PRODUCTION will not
> generate the error.
>
> However, doing that and adding
>
> bind(TestServlet.class)
>
> to TestServletModule will.
>
> It appears that classes referenced solely through serve().with() and
> filter().with() aren't actually bound in the same way as bind(). This
> is important because there are classes in shiro that are not filters
> that require the ServletContext. In addition, shiro filter chains are
> not bound using the filter() method.
>
> -Jared
>
> On 08/16/2011 08:24 AM, Jared Bunting wrote:
>> The warning specifies "eager singleton". You've worked around that by
>> making your singleton non-eager.
>>
>> Now try creating your injector with "Stage.PRODUCTION". In production
>> stage, all singletons are eager. Hence the problem.
>>
>> -Jared
>>
>> On 08/16/2011 04:56 AM, Filipe Sousa wrote:
>>> On Mon, Aug 15, 2011 at 1:37 PM, Jared Bunting
>>> <ja...@peachjean.com> wrote:
>>> ...
>>>>> it would solve the following issue
>>>>> https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
>>>>> inject ServletContext.
>>>> I don't believe this is true. When I attempted to define a singleton in
>>>> a ServletModule that injected ServletContext, I got the same deprecation
>>>> warning. I am led to believe that guice-servlets does not intend to
>>>> support any ServletContext injected into a singleton.
>>> I'm not so sure about that. I did a simple test with ServletModule and
>>> I'm not getting the warning:
>>>
>>> public class GuiceListener extends GuiceServletContextListener {
>>> @Override
>>> protected Injector getInjector() {
>>> return Guice.createInjector(Stage.DEVELOPMENT, new TestServletModule());
>>> }
>>> }
>>>
>>> public class TestServletModule extends ServletModule {
>>> @Override
>>> protected void configureServlets() {
>>> serve("/test").with(TestServlet.class);
>>> }
>>> }
>>>
>>> @Singleton
>>> public class TestSingleton {
>>> private final ServletContext context;
>>>
>>> @Inject
>>> public TestSingleton(ServletContext context) {
>>> this.context = context;
>>> }
>>> }
>>>
>>> @Singleton
>>> public class TestServlet extends HttpServlet {
>>> private static final long serialVersionUID = 1L;
>>> private final ServletContext context1;
>>> private final Provider<ServletContext> context2;
>>> private final TestSingleton testSingleton;
>>>
>>> @Inject
>>> public TestServlet(ServletContext context1, Provider<ServletContext> context2,
>>> TestSingleton testSingleton) {
>>> this.context1 = context1;
>>> this.context2 = context2;
>>> this.testSingleton = testSingleton;
>>> }
>>>
>>> @Override
>>> protected void doGet(HttpServletRequest req, HttpServletResponse resp)
>>> throws ServletException, IOException {
>>> PrintWriter w = resp.getWriter();
>>> w.print("context1=");
>>> w.println(context1);
>>> w.print("context2=");
>>> w.println(context2.get());
>>> }
>>> }
>>>
>
>
--
Filipe Sousa
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
Actually, this deserves a touch more investigation. You are correct, in
your code, even changing Stage.DEVELOPMENT to Stage.PRODUCTION will not
generate the error.
However, doing that and adding
bind(TestServlet.class)
to TestServletModule will.
It appears that classes referenced solely through serve().with() and
filter().with() aren't actually bound in the same way as bind(). This
is important because there are classes in shiro that are not filters
that require the ServletContext. In addition, shiro filter chains are
not bound using the filter() method.
-Jared
On 08/16/2011 08:24 AM, Jared Bunting wrote:
> The warning specifies "eager singleton". You've worked around that by
> making your singleton non-eager.
>
> Now try creating your injector with "Stage.PRODUCTION". In production
> stage, all singletons are eager. Hence the problem.
>
> -Jared
>
> On 08/16/2011 04:56 AM, Filipe Sousa wrote:
>> On Mon, Aug 15, 2011 at 1:37 PM, Jared Bunting
>> <ja...@peachjean.com> wrote:
>> ...
>>>> it would solve the following issue
>>>> https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
>>>> inject ServletContext.
>>> I don't believe this is true. When I attempted to define a singleton in
>>> a ServletModule that injected ServletContext, I got the same deprecation
>>> warning. I am led to believe that guice-servlets does not intend to
>>> support any ServletContext injected into a singleton.
>> I'm not so sure about that. I did a simple test with ServletModule and
>> I'm not getting the warning:
>>
>> public class GuiceListener extends GuiceServletContextListener {
>> @Override
>> protected Injector getInjector() {
>> return Guice.createInjector(Stage.DEVELOPMENT, new TestServletModule());
>> }
>> }
>>
>> public class TestServletModule extends ServletModule {
>> @Override
>> protected void configureServlets() {
>> serve("/test").with(TestServlet.class);
>> }
>> }
>>
>> @Singleton
>> public class TestSingleton {
>> private final ServletContext context;
>>
>> @Inject
>> public TestSingleton(ServletContext context) {
>> this.context = context;
>> }
>> }
>>
>> @Singleton
>> public class TestServlet extends HttpServlet {
>> private static final long serialVersionUID = 1L;
>> private final ServletContext context1;
>> private final Provider<ServletContext> context2;
>> private final TestSingleton testSingleton;
>>
>> @Inject
>> public TestServlet(ServletContext context1, Provider<ServletContext> context2,
>> TestSingleton testSingleton) {
>> this.context1 = context1;
>> this.context2 = context2;
>> this.testSingleton = testSingleton;
>> }
>>
>> @Override
>> protected void doGet(HttpServletRequest req, HttpServletResponse resp)
>> throws ServletException, IOException {
>> PrintWriter w = resp.getWriter();
>> w.print("context1=");
>> w.println(context1);
>> w.print("context2=");
>> w.println(context2.get());
>> }
>> }
>>
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
The warning specifies "eager singleton". You've worked around that by
making your singleton non-eager.
Now try creating your injector with "Stage.PRODUCTION". In production
stage, all singletons are eager. Hence the problem.
-Jared
On 08/16/2011 04:56 AM, Filipe Sousa wrote:
> On Mon, Aug 15, 2011 at 1:37 PM, Jared Bunting
> <ja...@peachjean.com> wrote:
> ...
>>> it would solve the following issue
>>> https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
>>> inject ServletContext.
>> I don't believe this is true. When I attempted to define a singleton in
>> a ServletModule that injected ServletContext, I got the same deprecation
>> warning. I am led to believe that guice-servlets does not intend to
>> support any ServletContext injected into a singleton.
> I'm not so sure about that. I did a simple test with ServletModule and
> I'm not getting the warning:
>
> public class GuiceListener extends GuiceServletContextListener {
> @Override
> protected Injector getInjector() {
> return Guice.createInjector(Stage.DEVELOPMENT, new TestServletModule());
> }
> }
>
> public class TestServletModule extends ServletModule {
> @Override
> protected void configureServlets() {
> serve("/test").with(TestServlet.class);
> }
> }
>
> @Singleton
> public class TestSingleton {
> private final ServletContext context;
>
> @Inject
> public TestSingleton(ServletContext context) {
> this.context = context;
> }
> }
>
> @Singleton
> public class TestServlet extends HttpServlet {
> private static final long serialVersionUID = 1L;
> private final ServletContext context1;
> private final Provider<ServletContext> context2;
> private final TestSingleton testSingleton;
>
> @Inject
> public TestServlet(ServletContext context1, Provider<ServletContext> context2,
> TestSingleton testSingleton) {
> this.context1 = context1;
> this.context2 = context2;
> this.testSingleton = testSingleton;
> }
>
> @Override
> protected void doGet(HttpServletRequest req, HttpServletResponse resp)
> throws ServletException, IOException {
> PrintWriter w = resp.getWriter();
> w.print("context1=");
> w.println(context1);
> w.print("context2=");
> w.println(context2.get());
> }
> }
>
Re: Guice + shiro + jersey
Posted by Filipe Sousa <na...@gmail.com>.
On Mon, Aug 15, 2011 at 1:37 PM, Jared Bunting
<ja...@peachjean.com> wrote:
...
>> it would solve the following issue
>> https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
>> inject ServletContext.
> I don't believe this is true. When I attempted to define a singleton in
> a ServletModule that injected ServletContext, I got the same deprecation
> warning. I am led to believe that guice-servlets does not intend to
> support any ServletContext injected into a singleton.
I'm not so sure about that. I did a simple test with ServletModule and
I'm not getting the warning:
public class GuiceListener extends GuiceServletContextListener {
@Override
protected Injector getInjector() {
return Guice.createInjector(Stage.DEVELOPMENT, new TestServletModule());
}
}
public class TestServletModule extends ServletModule {
@Override
protected void configureServlets() {
serve("/test").with(TestServlet.class);
}
}
@Singleton
public class TestSingleton {
private final ServletContext context;
@Inject
public TestSingleton(ServletContext context) {
this.context = context;
}
}
@Singleton
public class TestServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private final ServletContext context1;
private final Provider<ServletContext> context2;
private final TestSingleton testSingleton;
@Inject
public TestServlet(ServletContext context1, Provider<ServletContext> context2,
TestSingleton testSingleton) {
this.context1 = context1;
this.context2 = context2;
this.testSingleton = testSingleton;
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
PrintWriter w = resp.getWriter();
w.print("context1=");
w.println(context1);
w.print("context2=");
w.println(context2.get());
}
}
--
Filipe Sousa
Re: Guice + shiro + jersey
Posted by Kalle Korhonen <ka...@gmail.com>.
On Mon, Aug 15, 2011 at 5:37 AM, Jared Bunting
<ja...@peachjean.com> wrote:
> On 08/14/2011 07:20 PM, manitas wrote:
>> It would be nice to put this demo in a standard maven format and push it to
>> a code repository so that everyone can contribute.
> I've got the sample project added as a maven module (and working) but I
> want to resolve SHIRO-283 first. I also need to do a little bit of
> homework on the copyrights - I know that Ryan essentially ported the
> spring security tutorial, so I want to make sure we have everything
> properly attributed.
First, is the original tutorial under Apache license? If so, it's ok
to copy and modify (section 2 in
http://www.apache.org/licenses/LICENSE-2.0). If it was copied from a
web page tutorial that doesn't explicitly say anything about the
license or copyrights, it's generally not ok.
Second, let's be conservative about adding examples. It may be
warranted in this case but showcasing all the use cases of Shiro can
quickly lead to unmaintainable level of various examples. Every line
of code we add also needs to be maintained.
Kalle
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
On 08/14/2011 07:20 PM, manitas wrote:
> Great !
>
> It would be nice to put this demo in a standard maven format and push it to
> a code repository so that everyone can contribute.
I've got the sample project added as a maven module (and working) but I
want to resolve SHIRO-283 first. I also need to do a little bit of
homework on the copyrights - I know that Ryan essentially ported the
spring security tutorial, so I want to make sure we have everything
properly attributed.
> I'm ok to help, do you want me to do this ?
>
> S
> By the way, I have looked at the shiro-guice code and I have questions about
> technical choices. Could you please tell me :
> - What are the reasons why ShiroModule is a PrivateModule ?
The reason for this is to encourage good practices.
Application code that is outside of the ShiroModule should really be
interacting with the SecurityManager. Note that if your case has
special needs, you can always expose another binding. However, I
thought it was important not to expose all of Shiro.
> -Why ShiroWebModule doesn't extend ServletModule to take advantage of what
> offers guice for web app ?
I thought a good deal about this. The conclusion I reached was, in
large part, based on the above statement about private modules. A
module can't be both a servlet module and a private module. In
addition, in order for ShiroWebModule to extend ServletModule, it would
not be able to extend ShiroModule. On top of that, what does the
ServletModule really give us in this case? Basically, its an easy way
to define filters and servlets. Well, not only is that not something
that really makes sense in the ShiroWebModule, but it could potentially
confuse the issue with defining shiro filter chains, and introduce
another set of errors.
> it would solve the following issue
> https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
> inject ServletContext.
I don't believe this is true. When I attempted to define a singleton in
a ServletModule that injected ServletContext, I got the same deprecation
warning. I am led to believe that guice-servlets does not intend to
support any ServletContext injected into a singleton.
> Thanks in advance for your help.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6685940.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Thanks,
Jared
Re: Guice + shiro + jersey
Posted by manitas <ma...@gmail.com>.
Great !
It would be nice to put this demo in a standard maven format and push it to
a code repository so that everyone can contribute.
I'm ok to help, do you want me to do this ?
By the way, I have looked at the shiro-guice code and I have questions about
technical choices. Could you please tell me :
- What are the reasons why ShiroModule is a PrivateModule ?
-Why ShiroWebModule doesn't extend ServletModule to take advantage of what
offers guice for web app ?
it would solve the following issue
https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to
inject ServletContext.
Thanks in advance for your help.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6685940.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by ryannelsonaz <mw...@hotmail.com>.
Jared Bunting-2 wrote:
>
> Good deal. If you want to go ahead and contribute what you have, we can
> probably get those annotation issues worked out pretty quickly.
>
Done. https://issues.apache.org/jira/browse/SHIRO-320
I'd love to see your solution.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6682070.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
Good deal. If you want to go ahead and contribute what you have, we can
probably get those annotation issues worked out pretty quickly.
On 08/12/2011 04:26 PM, ryannelsonaz wrote:
> Jared Bunting-2 wrote:
>> I would certainly welcome that. I do know that there was another user
>> working on a port of the spring-security demo who was interested in
>> contributing that work.
>>
> That was me, and I'm still doing it. My question in the other thread is an
> effort to get that demo finished. :)
>
> If I removed the use of annotations, it would be ready now. But I'd like to
> be able to showcase the different ways Shiro lets you secure resources.
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6681808.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by ryannelsonaz <mw...@hotmail.com>.
Jared Bunting-2 wrote:
>
> I would certainly welcome that. I do know that there was another user
> working on a port of the spring-security demo who was interested in
> contributing that work.
>
That was me, and I'm still doing it. My question in the other thread is an
effort to get that demo finished. :)
If I removed the use of annotations, it would be ready now. But I'd like to
be able to showcase the different ways Shiro lets you secure resources.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6681808.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
On 08/12/2011 12:29 PM, manitas wrote:
> Maybe I can try to help you to do this demo application.
>
I would certainly welcome that. I do know that there was another user
working on a port of the spring-security demo who was interested in
contributing that work.
> To follow your advice, I'm trying to start developping it with maven but the
> following artifact doesn't work for me :
>
> <dependency>
> <groupId>org.apache.shiro</groupId>
> <artifactId>shiro-core</artifactId>
> <version>1.2.0-SNAPSHOT</version>
> </dependency>
>
> <dependency>
> <groupId>org.apache.shiro</groupId>
> <artifactId>shiro-guice</artifactId>
> <version>1.2.0-SNAPSHOT</version>
> </dependency>
>
> I've the following error :
>
> ArtifactDescriptorException: Failed to read artifact descriptor for
> org.apache.shiro:shiro-core:jar:1.2.0-SNAPSHOT: ArtifactResolutionException:
> Could not transfer artifact org.apache.shiro:shiro-core:pom:1.2.0-SNAPSHOT
> from/to maven-repository.java.net (http://download.java.net/maven/1): No
> connector available to access repository maven-repository.java.net
> (http://download.java.net/maven/1) of type legacy using the available
> factories AsyncRepositoryConnectorFactory, WagonRepositoryConnectorFactory
> pom.xml
> Maven Dependency Problem
>
> Do I need to add a particular repository ?
>
Yep. You'll either need to check out the shiro trunk and build it
locally, or add apache's snapshot repository.
This is a good resource on that:
http://www.apache.org/dev/repository-faq.html
And the necessary repository is here:
https://repository.apache.org/content/repositories/snapshots/
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6681116.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by manitas <ma...@gmail.com>.
Maybe I can try to help you to do this demo application.
To follow your advice, I'm trying to start developping it with maven but the
following artifact doesn't work for me :
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-guice</artifactId>
<version>1.2.0-SNAPSHOT</version>
</dependency>
I've the following error :
ArtifactDescriptorException: Failed to read artifact descriptor for
org.apache.shiro:shiro-core:jar:1.2.0-SNAPSHOT: ArtifactResolutionException:
Could not transfer artifact org.apache.shiro:shiro-core:pom:1.2.0-SNAPSHOT
from/to maven-repository.java.net (http://download.java.net/maven/1): No
connector available to access repository maven-repository.java.net
(http://download.java.net/maven/1) of type legacy using the available
factories AsyncRepositoryConnectorFactory, WagonRepositoryConnectorFactory
pom.xml
Maven Dependency Problem
Do I need to add a particular repository ?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6681116.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
On 08/11/2011 11:29 AM, manitas wrote:
> Yes I think it would be great to have a small complete example containing
> best practices for guice integration.
>
Sounds reasonable to me. https://issues.apache.org/jira/browse/SHIRO-320
> In fact my rest application works fine without shiro. Andit's not so easy to
> add shiro and make it work.
>
> First of all I need the ServletContext to construct MyShiroWebModule. Where
> do I get it ?
> I have used this snippet found on this forum but I'm not sure this is the
> best way to achieve that
> *********************
> public class MyGuiceServletContextListener extends
> GuiceServletContextListener {
> private ServletContext servletContext;
>
> ....other stuff ...
>
> @Override
> public void contextInitialized(ServletContextEvent servletContextEvent)
> {
> servletContext = servletContextEvent.getServletContext();
> super.contextInitialized(servletContextEvent);
> }
> }
> *********************
This is currently the best way to do this. I recognize that this isn't
ideal, so I'll try to explain the underlying issue.
Shiro has classes that are, by their nature, singletons. These classes
require the injection of a ServletContext. guice-servlet does not
support (or at least claims the functionality is deprecated) injecting a
ServletContext on singleton objects. So, we have to provide that object
to the singleton scope.
I am certainly open for ideas to alleviate this issue in a cleaner manner.
> Then, when I add the ShiroWebModule I have to add the following jars :
>
> guice-multibinding
> org.apache.common.BeanUtils
> org.apache.common.Logging
>
> I've not found those dependencies in the doc except for the
> org.apache.common.BeanUtils which is normally "only" required if using INI
> config. That's not my case.
> By the way I'm not sure to understand why guice multibinding is needed
> here.
I can certainly add this dependency information to the docs. For what
it's worth, this dependency information is all included properly in the
maven configuration. However, since I understand that not everyone uses
a dependency management tool, putting this info in an easy-to-read
location seems reasonable.
FYI, guice-multibinding is needed because shiro-guice uses it.
Specifically, this is how it binds the realms.
> and then when it's added, I get the following warning :
> ******************************
> com.google.inject.servlet.InternalServletModule$BackwardsCompatibleServletContextProvider
> get
> ATTENTION: You are attempting to use a deprecated API (specifically,
> attempting to @Inject ServletContext inside an eagerly created singleton.
> While we allow this for backwards compatibility, be warned that this MAY
> have unexpected behavior if you have more than one injector (with
> ServletModule) running in the same JVM. Please consult the Guice
> documentation at http://code.google.com/p/google-guice/wiki/Servlets for
> more information.
> ******************************
>
> I've seen that you have already fixed this issue :
> https://issues.apache.org/jira/browse/SHIRO-318
>
> I'm not sure to understand why we do not use the regular way to add a filter
> to guice :
> filter("/*").through(org.apache.shiro.web.servlet.ShiroFilter.class);
> instead of
> ShiroWebModule.bindGuiceFilter(binder());
It's merely a convenience. Feel free to use the regular method. The
proper code would be:
filter("/*").through(org.apache.shiro.guice.web.GuiceShiroFilter.class);
And note that this needs to go in a ServletModule, not the
ShiroWebModule (since it's not a ServletModule).
> That's why maybe a small example should help.
>
> Thanks in advance for your help.
>
>
>
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6677020.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by manitas <ma...@gmail.com>.
Yes I think it would be great to have a small complete example containing
best practices for guice integration.
In fact my rest application works fine without shiro. Andit's not so easy to
add shiro and make it work.
First of all I need the ServletContext to construct MyShiroWebModule. Where
do I get it ?
I have used this snippet found on this forum but I'm not sure this is the
best way to achieve that
*********************
public class MyGuiceServletContextListener extends
GuiceServletContextListener {
private ServletContext servletContext;
....other stuff ...
@Override
public void contextInitialized(ServletContextEvent servletContextEvent)
{
servletContext = servletContextEvent.getServletContext();
super.contextInitialized(servletContextEvent);
}
}
*********************
Then, when I add the ShiroWebModule I have to add the following jars :
guice-multibinding
org.apache.common.BeanUtils
org.apache.common.Logging
I've not found those dependencies in the doc except for the
org.apache.common.BeanUtils which is normally "only" required if using INI
config. That's not my case.
By the way I'm not sure to understand why guice multibinding is needed
here.
and then when it's added, I get the following warning :
******************************
com.google.inject.servlet.InternalServletModule$BackwardsCompatibleServletContextProvider
get
ATTENTION: You are attempting to use a deprecated API (specifically,
attempting to @Inject ServletContext inside an eagerly created singleton.
While we allow this for backwards compatibility, be warned that this MAY
have unexpected behavior if you have more than one injector (with
ServletModule) running in the same JVM. Please consult the Guice
documentation at http://code.google.com/p/google-guice/wiki/Servlets for
more information.
******************************
I've seen that you have already fixed this issue :
https://issues.apache.org/jira/browse/SHIRO-318
I'm not sure to understand why we do not use the regular way to add a filter
to guice :
filter("/*").through(org.apache.shiro.web.servlet.ShiroFilter.class);
instead of
ShiroWebModule.bindGuiceFilter(binder());
That's why maybe a small example should help.
Thanks in advance for your help.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6677020.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Guice + shiro + jersey
Posted by Jared Bunting <ja...@peachjean.com>.
On 08/10/2011 12:13 PM, manitas wrote:
> Hello
>
> I'm a beginner with shiro and I I've tried to follow the documentation
> related to guice + shiro but I've the following error
>
> java.lang.NoClassDefFoundError: com/google/inject/multibindings/Multibinder
> at org.apache.shiro.guice.ShiroModule.bindRealm
shiro-guice also requires the guice-multibindings extension. If you're using maven, it should bring this in as a dependency.
>
>
> Thanks in advance for your help.
>
> By the way, Is there somewhere on internet a complete example of
> ShiroWebModule usage ?
>
>
Are you looking for more than this?
http://shiro.apache.org/guice.html