Posted to dev@shiro.apache.org by char_lee <ch...@gmail.com> on 2010/01/19 11:16:58 UTC
Shiro Spring filter
Hi, I am trying to get my CXF REST services to use Shiro. I have noticed in
trunk there is a Spring-based filter. However, it is using the deprecated
ShiroFilter class rather than the IniShiroFilter. What is the plan for this?
I am thinking of doing this myself. Any opinions?
C
--
View this message in context: http://n2.nabble.com/Shiro-Sping-filter-tp4419140p4419140.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: Shiro Spring filter
Posted by Les Hazlewood <lh...@apache.org>.
Currently there is no support for referencing Spring-configured
objects within the INI text configuration part. So you will have to
define your authFilter directly in the INI config:

<bean id="shiroFilter" class="org.apache.shiro.web.servlet.IniShiroFilter">
    <property name="securityManager" ref="secManager"/>
    <property name="config">
        <value>
            [filters]
            authFilter = com.hp.spike.CustomeHttpAuthenticationFilter
            [urls]
            /* = authFilter
        </value>
    </property>
</bean>

Cheers,
Les
On Tue, Jan 19, 2010 at 12:47 PM, char_lee <ch...@gmail.com> wrote:
>
> AHH yes, I have managed to wire things up. For some reason, though, I haven't been
> able to wire the [urls]. Am I doing something wrong? This is what I have:
>
> <bean name="hpRealm" class="com.hp.spike.HpRealm"/>
>
> <bean id="secManager" class="com.hp.spike.CustomeWebSecurityManager">
>     <property name="realm" ref="hpRealm"/>
>     <property name="sessionMode" value="native"/>
> </bean>
>
> <bean id="authFilter" class="com.hp.spike.CustomeHttpAuthenticationFilter"/>
>
> <bean id="shiroFilter" class="org.apache.shiro.web.servlet.IniShiroFilter">
>     <property name="securityManager" ref="secManager"/>
>     <property name="config">
>         <value>
>             [urls]
>             /* = authFilter
>         </value>
>     </property>
> </bean>
>
> Then when I hit my REST endpoint it does call my
> CustomeHttpAuthenticationFilter.isAccessAllowed :(
Re: Shiro Spring filter
Posted by char_lee <ch...@gmail.com>.
Ah, I got it to parse the URLs in the Spring config; I just didn't set
targetFilterLifecycle to true in DelegatingFilterProxy.
However, now I have it parsing the URLs in the Spring config. It doesn't
let me use the wired-in CustomeHttpAuthenticationFilter but the one defined
in the ShiroFilter config:

    [filters]
    authFilter = com.hp.spike.CustomeHttpAuthenticationFilter
    [urls]
    /secure/* = authFilter

I tried not having a filter section and just referring the URL to the bean id
that I defined in Spring.

    <bean id="authFilter" class="com.hp.spike.CustomeHttpAuthenticationFilter"/>

Any way to assign the URLs with a wired Spring bean?
C
--
View this message in context: http://n2.nabble.com/Shiro-Spring-filter-tp4419140p4421965.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
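
The DelegatingFilterProxy setting described in the message above, as an added web.xml example that is not part of the original thread. It assumes the Spring XML shown in this thread is loaded from /WEB-INF/applicationContext.xml (a hypothetical path) and that the Shiro filter bean id is shiroFilter, as in the posted configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

    <!-- Assumption: hypothetical location of the Spring XML from this thread. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext.xml</param-value>
    </context-param>

    <!-- Starts the Spring context that defines secManager and shiroFilter. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <!-- By default the proxy looks up the Spring bean whose id equals
             this filter-name, so it must match id="shiroFilter". -->
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <!-- Default is false: the proxy then never calls init()/destroy()
                 on the target bean. The poster reports the [urls] section
                 was only parsed once this was set to true. -->
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- Route every request through the Shiro filter; which paths need
         authentication is then decided by the [urls] section, not here. -->
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
```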
Re: Shiro Spring filter
Posted by char_lee <ch...@gmail.com>.
AHH yes, I have managed to wire things up. For some reason, though, I haven't been
able to wire the [urls]. Am I doing something wrong? This is what I have:

<bean name="hpRealm" class="com.hp.spike.HpRealm"/>

<bean id="secManager" class="com.hp.spike.CustomeWebSecurityManager">
    <property name="realm" ref="hpRealm"/>
    <property name="sessionMode" value="native"/>
</bean>

<bean id="authFilter" class="com.hp.spike.CustomeHttpAuthenticationFilter"/>

<bean id="shiroFilter" class="org.apache.shiro.web.servlet.IniShiroFilter">
    <property name="securityManager" ref="secManager"/>
    <property name="config">
        <value>
            [urls]
            /* = authFilter
        </value>
    </property>
</bean>

Then when I hit my REST endpoint it does call my
CustomeHttpAuthenticationFilter.isAccessAllowed :(
--
View this message in context: http://n2.nabble.com/Shiro-Spring-filter-tp4419140p4421723.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: Shiro Spring filter
Posted by Les Hazlewood <lh...@apache.org>.
The examples are relatively trivial:
[urls]
/rest/user/view = authc,perms[user:view]
/rest/user/edit = authc,perms[user:edit]
/rest/** = authc
...
That's all that was necessary in my case.
On Tue, Jan 19, 2010 at 10:31 AM, char_lee <ch...@gmail.com> wrote:
>
> Thank you for the reply. Do you have the (web + CXF) XML examples? I was
> having problems wiring in the extended AuthenticationFilter class, as the URL
> section of the INI configuration didn't recognise the alias.
>
> Thanks
> C
Re: Shiro Spring filter
Posted by char_lee <ch...@gmail.com>.
Thank you for the reply. Do you have the (web + CXF) XML examples? I was
having problems wiring in the extended AuthenticationFilter class, as the URL
section of the INI configuration didn't recognise the alias.
Thanks
C
--
View this message in context: http://n2.nabble.com/Shiro-Spring-filter-tp4419140p4420701.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
Re: Shiro Spring filter
Posted by Les Hazlewood <lh...@apache.org>.
On the Spring front, I would like to deprecate any Spring-specific
ShiroFilter if we still have one.
Spring's DelegatingFilterProxy is a much better mechanism for Spring
environments, since you can configure both the Shiro Filter as well as
the Shiro SecurityManager and any of their dependencies nicely within
Spring XML.
I need to update the Spring webapp to reflect this approach.
On Tue, Jan 19, 2010 at 5:16 AM, char_lee <ch...@gmail.com> wrote:
>
> Hi, I am trying to get my CXF REST services to use Shiro. I have noticed in
> trunk there is a Spring-based filter. However, it is using the deprecated
> ShiroFilter class rather than the IniShiroFilter. What is the plan for this?
> I am thinking of doing this myself. Any opinions?
>
> C
Re: Shiro Spring filter
Posted by Les Hazlewood <lh...@apache.org>.
Just use the IniShiroFilter - it does everything the now-deprecated
ShiroFilter used to do, but its class name reflects its corresponding
configuration mechanism.
I use CXF/Rest w/ the IniShiroFilter with no problems.
HTH,
Les
On Tue, Jan 19, 2010 at 5:16 AM, char_lee <ch...@gmail.com> wrote:
>
> Hi, I am trying to get my CXF REST services to use Shiro. I have noticed in
> trunk there is a Spring-based filter. However, it is using the deprecated
> ShiroFilter class rather than the IniShiroFilter. What is the plan for this?
> I am thinking of doing this myself. Any opinions?
>
> C