Using isis shiro with Jdbc realm

[Okwui <ok...@gmail.com>]

The default isis shiro setup uses the shiro.ini file. From the shiro documentation, I can also use a jdbc realm so that the information is stored in a database. Is this possible in isis? Can I point shiro to use the isis objectstore?

Sent from my iPad

Re: Using isis shiro with Jdbc realm

[james agada <ok...@gmail.com>]

Yes in Shiro.ini or inside your custom jdbcrealm.

Sent from my iPhone

> On Oct 19, 2013, at 12:57 PM, Dan Haywood <da...@haywood-associates.co.uk> wrote:
>
> oh, ok.
>
> Where does one override these, do you know?  Somewhere in shiro.ini,
> perhaps?
>
>
>
>
>> On 19 October 2013 12:54, Jeroen van der Wal <je...@stromboli.it> wrote:
>>
>> There's no need to reverse-engineer the Shiro datamodel, JdbcRealm [1] uses
>> four queries which can easily be overridden:
>>
>> DEFAULT_AUTHENTICATION_QUERY = "select password from users where username
>> = ?";
>> DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt
>> from users where username = ?";
>> DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where
>> username = ?";
>> DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions
>> where role_name = ?";
>>
>>
>> [1]
>>
>> https://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
>>
>>
>>> On Sat, Oct 19, 2013 at 1:39 PM, james agada <ok...@gmail.com> wrote:
>>>
>>> Ok. Let's see how it goes.
>>>
>>> Sent from my iPhone
>>>
>>>> On Oct 19, 2013, at 12:28 PM, Dan Haywood <
>> dan@haywood-associates.co.uk>
>>> wrote:
>>>>
>>>> For help with configuring Shiro to run against a JDBC realm, I suggest
>>> you
>>>> go to the shiro users mailing list.  Isis just uses the shiro.ini file
>>> "as
>>>> is", so whatever is configured there should be honoured by Isis.
>>>>
>>>> Once you've got Shiro using a JDBC realm, ie reading from database
>>> tables,
>>>> then you can "reverse engineer" these into Isis entities, such that you
>>>> could allow an user using an Isis app to set up users.
>>>>
>>>> You could either:
>>>> - have a single app that has its own user administration functionality,
>>> eg
>>>> accessible only to an administrator, or
>>>> - you could have two apps, one being used by regular users, and the
>> other
>>>> used by administrators to setup the perms for the first.
>>>>
>>>> Hope that makes sense.
>>>>
>>>> Dan
>>>>
>>>>
>>>>
>>>>> On 18 October 2013 20:17, james agada <ok...@gmail.com> wrote:
>>>>>
>>>>> I guess I need help. I can build a custom shire jdbcRealm class. I
>> have
>>>>> identified where the isis shiro ldaprealm class is located. So I
>> assume
>>> I
>>>>> will put the jdbcrealm there. Next I suppose is to configure shiro.ini
>>> to
>>>>> use the jdbcRealm. This should work except that I will need to
>> configure
>>>>> the database. Where will I do that in the isis framework? or in shiro
>>>>> framework itself? Assuming I get these configs correct, is that all
>>> there
>>>>> is to it? Are there any specific requirements for isis in the realm or
>>> will
>>>>> it work with the default jdbcrealm class?
>>>>>
>>>>>
>>>>>> On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com>
>> wrote:
>>>>>>
>>>>>> I will try and see how it goes.
>>>>>>
>>>>>> Sent from my iPad
>>>>>>
>>>>>>>> On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <
>>> jeroen@stromboli.it>
>>>>>>> wrote:
>>>>>>>
>>>>>>> We haven't gone that route yet but it should be possible.
>>>>>>>
>>>>>>> FYI we've configured Shiro to use Microsoft Active Directory for
>>>>>>> authentication and authorization.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Jeroen
>>>>>>>
>>>>>>>
>>>>>>>> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com>
>> wrote:
>>>>>>>>
>>>>>>>> The default isis shiro setup uses the shiro.ini file. From the
>> shiro
>>>>>>>> documentation, I can also use a jdbc realm so that the information
>> is
>>>>>>>> stored in a database. Is this possible in isis? Can I point shiro
>> to
>>>>> use
>>>>>>>> the isis objectstore?
>>>>>>>>
>>>>>>>> Sent from my iPad
>>

Re: Using isis shiro with Jdbc realm

[Dan Haywood <da...@haywood-associates.co.uk>]

oh, ok.

Where does one override these, do you know?  Somewhere in shiro.ini,
perhaps?




On 19 October 2013 12:54, Jeroen van der Wal <je...@stromboli.it> wrote:

> There's no need to reverse-engineer the Shiro datamodel, JdbcRealm [1] uses
> four queries which can easily be overridden:
>
> DEFAULT_AUTHENTICATION_QUERY = "select password from users where username
> = ?";
> DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt
> from users where username = ?";
> DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where
> username = ?";
> DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions
> where role_name = ?";
>
>
> [1]
>
> https://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
>
>
> On Sat, Oct 19, 2013 at 1:39 PM, james agada <ok...@gmail.com> wrote:
>
> > Ok. Let's see how it goes.
> >
> > Sent from my iPhone
> >
> > > On Oct 19, 2013, at 12:28 PM, Dan Haywood <
> dan@haywood-associates.co.uk>
> > wrote:
> > >
> > > For help with configuring Shiro to run against a JDBC realm, I suggest
> > you
> > > go to the shiro users mailing list.  Isis just uses the shiro.ini file
> > "as
> > > is", so whatever is configured there should be honoured by Isis.
> > >
> > > Once you've got Shiro using a JDBC realm, ie reading from database
> > tables,
> > > then you can "reverse engineer" these into Isis entities, such that you
> > > could allow an user using an Isis app to set up users.
> > >
> > > You could either:
> > > - have a single app that has its own user administration functionality,
> > eg
> > > accessible only to an administrator, or
> > > - you could have two apps, one being used by regular users, and the
> other
> > > used by administrators to setup the perms for the first.
> > >
> > > Hope that makes sense.
> > >
> > > Dan
> > >
> > >
> > >
> > >> On 18 October 2013 20:17, james agada <ok...@gmail.com> wrote:
> > >>
> > >> I guess I need help. I can build a custom shire jdbcRealm class. I
> have
> > >> identified where the isis shiro ldaprealm class is located. So I
> assume
> > I
> > >> will put the jdbcrealm there. Next I suppose is to configure shiro.ini
> > to
> > >> use the jdbcRealm. This should work except that I will need to
> configure
> > >> the database. Where will I do that in the isis framework? or in shiro
> > >> framework itself? Assuming I get these configs correct, is that all
> > there
> > >> is to it? Are there any specific requirements for isis in the realm or
> > will
> > >> it work with the default jdbcrealm class?
> > >>
> > >>
> > >>> On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com>
> wrote:
> > >>>
> > >>> I will try and see how it goes.
> > >>>
> > >>> Sent from my iPad
> > >>>
> > >>>>> On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <
> > jeroen@stromboli.it>
> > >>>> wrote:
> > >>>>
> > >>>> We haven't gone that route yet but it should be possible.
> > >>>>
> > >>>> FYI we've configured Shiro to use Microsoft Active Directory for
> > >>>> authentication and authorization.
> > >>>>
> > >>>> Cheers,
> > >>>>
> > >>>> Jeroen
> > >>>>
> > >>>>
> > >>>>> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com>
> wrote:
> > >>>>>
> > >>>>> The default isis shiro setup uses the shiro.ini file. From the
> shiro
> > >>>>> documentation, I can also use a jdbc realm so that the information
> is
> > >>>>> stored in a database. Is this possible in isis? Can I point shiro
> to
> > >> use
> > >>>>> the isis objectstore?
> > >>>>>
> > >>>>> Sent from my iPad
> > >>
> >
>

Re: Using isis shiro with Jdbc realm

[Jeroen van der Wal <je...@stromboli.it>]

There's no need to reverse-engineer the Shiro datamodel, JdbcRealm [1] uses
four queries which can easily be overridden:

DEFAULT_AUTHENTICATION_QUERY = "select password from users where username = ?";
DEFAULT_SALTED_AUTHENTICATION_QUERY = "select password, password_salt
from users where username = ?";
DEFAULT_USER_ROLES_QUERY = "select role_name from user_roles where
username = ?";
DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions
where role_name = ?";


[1]
https://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java


On Sat, Oct 19, 2013 at 1:39 PM, james agada <ok...@gmail.com> wrote:

> Ok. Let's see how it goes.
>
> Sent from my iPhone
>
> > On Oct 19, 2013, at 12:28 PM, Dan Haywood <da...@haywood-associates.co.uk>
> wrote:
> >
> > For help with configuring Shiro to run against a JDBC realm, I suggest
> you
> > go to the shiro users mailing list.  Isis just uses the shiro.ini file
> "as
> > is", so whatever is configured there should be honoured by Isis.
> >
> > Once you've got Shiro using a JDBC realm, ie reading from database
> tables,
> > then you can "reverse engineer" these into Isis entities, such that you
> > could allow an user using an Isis app to set up users.
> >
> > You could either:
> > - have a single app that has its own user administration functionality,
> eg
> > accessible only to an administrator, or
> > - you could have two apps, one being used by regular users, and the other
> > used by administrators to setup the perms for the first.
> >
> > Hope that makes sense.
> >
> > Dan
> >
> >
> >
> >> On 18 October 2013 20:17, james agada <ok...@gmail.com> wrote:
> >>
> >> I guess I need help. I can build a custom shire jdbcRealm class. I have
> >> identified where the isis shiro ldaprealm class is located. So I assume
> I
> >> will put the jdbcrealm there. Next I suppose is to configure shiro.ini
> to
> >> use the jdbcRealm. This should work except that I will need to configure
> >> the database. Where will I do that in the isis framework? or in shiro
> >> framework itself? Assuming I get these configs correct, is that all
> there
> >> is to it? Are there any specific requirements for isis in the realm or
> will
> >> it work with the default jdbcrealm class?
> >>
> >>
> >>> On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com> wrote:
> >>>
> >>> I will try and see how it goes.
> >>>
> >>> Sent from my iPad
> >>>
> >>>>> On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <
> jeroen@stromboli.it>
> >>>> wrote:
> >>>>
> >>>> We haven't gone that route yet but it should be possible.
> >>>>
> >>>> FYI we've configured Shiro to use Microsoft Active Directory for
> >>>> authentication and authorization.
> >>>>
> >>>> Cheers,
> >>>>
> >>>> Jeroen
> >>>>
> >>>>
> >>>>> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:
> >>>>>
> >>>>> The default isis shiro setup uses the shiro.ini file. From the shiro
> >>>>> documentation, I can also use a jdbc realm so that the information is
> >>>>> stored in a database. Is this possible in isis? Can I point shiro to
> >> use
> >>>>> the isis objectstore?
> >>>>>
> >>>>> Sent from my iPad
> >>
>

Re: Using isis shiro with Jdbc realm

[james agada <ok...@gmail.com>]

Ok. Let's see how it goes.

Sent from my iPhone

> On Oct 19, 2013, at 12:28 PM, Dan Haywood <da...@haywood-associates.co.uk> wrote:
>
> For help with configuring Shiro to run against a JDBC realm, I suggest you
> go to the shiro users mailing list.  Isis just uses the shiro.ini file "as
> is", so whatever is configured there should be honoured by Isis.
>
> Once you've got Shiro using a JDBC realm, ie reading from database tables,
> then you can "reverse engineer" these into Isis entities, such that you
> could allow an user using an Isis app to set up users.
>
> You could either:
> - have a single app that has its own user administration functionality, eg
> accessible only to an administrator, or
> - you could have two apps, one being used by regular users, and the other
> used by administrators to setup the perms for the first.
>
> Hope that makes sense.
>
> Dan
>
>
>
>> On 18 October 2013 20:17, james agada <ok...@gmail.com> wrote:
>>
>> I guess I need help. I can build a custom shire jdbcRealm class. I have
>> identified where the isis shiro ldaprealm class is located. So I assume I
>> will put the jdbcrealm there. Next I suppose is to configure shiro.ini to
>> use the jdbcRealm. This should work except that I will need to configure
>> the database. Where will I do that in the isis framework? or in shiro
>> framework itself? Assuming I get these configs correct, is that all there
>> is to it? Are there any specific requirements for isis in the realm or will
>> it work with the default jdbcrealm class?
>>
>>
>>> On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com> wrote:
>>>
>>> I will try and see how it goes.
>>>
>>> Sent from my iPad
>>>
>>>>> On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <je...@stromboli.it>
>>>> wrote:
>>>>
>>>> We haven't gone that route yet but it should be possible.
>>>>
>>>> FYI we've configured Shiro to use Microsoft Active Directory for
>>>> authentication and authorization.
>>>>
>>>> Cheers,
>>>>
>>>> Jeroen
>>>>
>>>>
>>>>> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:
>>>>>
>>>>> The default isis shiro setup uses the shiro.ini file. From the shiro
>>>>> documentation, I can also use a jdbc realm so that the information is
>>>>> stored in a database. Is this possible in isis? Can I point shiro to
>> use
>>>>> the isis objectstore?
>>>>>
>>>>> Sent from my iPad
>>

Re: Using isis shiro with Jdbc realm

[Dan Haywood <da...@haywood-associates.co.uk>]

For help with configuring Shiro to run against a JDBC realm, I suggest you
go to the shiro users mailing list.  Isis just uses the shiro.ini file "as
is", so whatever is configured there should be honoured by Isis.

Once you've got Shiro using a JDBC realm, ie reading from database tables,
then you can "reverse engineer" these into Isis entities, such that you
could allow an user using an Isis app to set up users.

You could either:
- have a single app that has its own user administration functionality, eg
accessible only to an administrator, or
- you could have two apps, one being used by regular users, and the other
used by administrators to setup the perms for the first.

Hope that makes sense.

Dan



On 18 October 2013 20:17, james agada <ok...@gmail.com> wrote:

> I guess I need help. I can build a custom shire jdbcRealm class. I have
> identified where the isis shiro ldaprealm class is located. So I assume I
> will put the jdbcrealm there. Next I suppose is to configure shiro.ini to
> use the jdbcRealm. This should work except that I will need to configure
> the database. Where will I do that in the isis framework? or in shiro
> framework itself? Assuming I get these configs correct, is that all there
> is to it? Are there any specific requirements for isis in the realm or will
> it work with the default jdbcrealm class?
>
>
> On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com> wrote:
>
> > I will try and see how it goes.
> >
> > Sent from my iPad
> >
> > > On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <je...@stromboli.it>
> > wrote:
> > >
> > > We haven't gone that route yet but it should be possible.
> > >
> > > FYI we've configured Shiro to use Microsoft Active Directory for
> > > authentication and authorization.
> > >
> > > Cheers,
> > >
> > > Jeroen
> > >
> > >
> > >> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:
> > >>
> > >> The default isis shiro setup uses the shiro.ini file. From the shiro
> > >> documentation, I can also use a jdbc realm so that the information is
> > >> stored in a database. Is this possible in isis? Can I point shiro to
> use
> > >> the isis objectstore?
> > >>
> > >> Sent from my iPad
> >
>

Re: Using isis shiro with Jdbc realm

[james agada <ok...@gmail.com>]

I guess I need help. I can build a custom shire jdbcRealm class. I have
identified where the isis shiro ldaprealm class is located. So I assume I
will put the jdbcrealm there. Next I suppose is to configure shiro.ini to
use the jdbcRealm. This should work except that I will need to configure
the database. Where will I do that in the isis framework? or in shiro
framework itself? Assuming I get these configs correct, is that all there
is to it? Are there any specific requirements for isis in the realm or will
it work with the default jdbcrealm class?


On Fri, Oct 18, 2013 at 12:57 PM, Okwui <ok...@gmail.com> wrote:

> I will try and see how it goes.
>
> Sent from my iPad
>
> > On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <je...@stromboli.it>
> wrote:
> >
> > We haven't gone that route yet but it should be possible.
> >
> > FYI we've configured Shiro to use Microsoft Active Directory for
> > authentication and authorization.
> >
> > Cheers,
> >
> > Jeroen
> >
> >
> >> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:
> >>
> >> The default isis shiro setup uses the shiro.ini file. From the shiro
> >> documentation, I can also use a jdbc realm so that the information is
> >> stored in a database. Is this possible in isis? Can I point shiro to use
> >> the isis objectstore?
> >>
> >> Sent from my iPad
>

Re: Using isis shiro with Jdbc realm

[Okwui <ok...@gmail.com>]

I will try and see how it goes.

Sent from my iPad

> On Oct 18, 2013, at 12:26 PM, Jeroen van der Wal <je...@stromboli.it> wrote:
> 
> We haven't gone that route yet but it should be possible.
> 
> FYI we've configured Shiro to use Microsoft Active Directory for
> authentication and authorization.
> 
> Cheers,
> 
> Jeroen
> 
> 
>> On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:
>> 
>> The default isis shiro setup uses the shiro.ini file. From the shiro
>> documentation, I can also use a jdbc realm so that the information is
>> stored in a database. Is this possible in isis? Can I point shiro to use
>> the isis objectstore?
>> 
>> Sent from my iPad

Re: Using isis shiro with Jdbc realm

[Jeroen van der Wal <je...@stromboli.it>]

We haven't gone that route yet but it should be possible.

FYI we've configured Shiro to use Microsoft Active Directory for
authentication and authorization.

Cheers,

Jeroen


On Fri, Oct 18, 2013 at 1:15 PM, Okwui <ok...@gmail.com> wrote:

> The default isis shiro setup uses the shiro.ini file. From the shiro
> documentation, I can also use a jdbc realm so that the information is
> stored in a database. Is this possible in isis? Can I point shiro to use
> the isis objectstore?
>
> Sent from my iPad