You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Shan Syed <sh...@gmail.com> on 2014/07/14 22:39:14 UTC

straight forward way to add realms post-setup in a web environment?

Hey there - I'm trying to add custom authentication and authorization to my
web application (user information will be available by a webservice).

I'm more or less using an all-programmatically configured Jetty
(Dropwizard) as my application container.

My minimal set up so far is as so (please just assume "environment" is the,
wait for it, environment for my servlets etc...

private void setupSecurity(Environment environment) {

// shiro environment
final EnvironmentLoaderListener shiroEnvironmentLoaderListener = new
EnvironmentLoaderListener();
environment.servlets().addServletListeners(shiroEnvironmentLoaderListener);

// session management
final SessionHandler sessionHandler = new SessionHandler();
environment.servlets().setSessionHandler(sessionHandler);

// security filter
final Filter shiroFilter = new ShiroFilter();
setupServletFilter(environment, shiroFilter, "shiro-filter");

}

So cool - through the magic of classpathery, it finds my shiro.ini, and all
is good - I can protect URLs, JAX-RS resources, etc..
Now I want to migrate user data (credentials, roles, etc) to a custom
realm, as I want to essentially create a security DAO to talk to another
webservice.

I know I can add class names and what not to the INI files; but I need to
construct the realm programatically (lots of depedencies need to be
injected via constructor to this realm).. in other words, I want to control
all object instantiation myself.

How can I achieve this in the most straight forward manner?

I tried to get a reference to the SecurityManager directly in the above
method, as the last thing, but I got this error:
"No SecurityManager accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is
an invalid application configuration."

I'm not sure why the configuration is deemed invalid, because all the auth
seems to be working totally fine.

I started going down the path of writing my own "shiroEnvironmentClass",
but I got lost in the all the various layers, making think that I just
missed the most straight forward way to do this.

Thanks for any insight you can provide!

Shan

Re: straight forward way to add realms post-setup in a web environment?

Posted by domfarr <do...@gmail.com>.

I use dropwizard with shiro and have dependency injection via the ini file.
The dropwizard yaml contains important things like location of ini file so
magic isn't required. :)

Between the yaml, ini and some object constructions in Dropwizard's
Configuration class it is nicely configurable, reads and works well.

I did have to create an extension to the EnvironmentLoaderListener. Happy to
share this with you if you want. 



--
View this message in context: http://shiro-user.582556.n2.nabble.com/straight-forward-way-to-add-realms-post-setup-in-a-web-environment-tp7580081p7580091.html
Sent from the Shiro User mailing list archive at Nabble.com.