We should have added the javadoc tag leaving instructions on what to do. I'm guessing in your case you might want to do something similar to what we do for Guice (create a WebEnvironment implementation) https://github.com/apache/shiro/blob/master/support/guice/src/main/java/org/apache/shiro/guice/web/WebGuiceEnvironment.java
For the SecurityManager, you should just be able to create a new instance and use/inject that. Let me know how it goes! -Brian On Thu, Jun 27, 2019 at 12:43 PM Steinar Bang <s...@dod.no> wrote: > In my Shiro-in-OSGi-configured-by-code solutions I ended up using > the deprecated WebIniSecurityManagerFactory, with some tricks to find > the shiro.ini file in the OSGi classpath: > > https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L73 > > https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnShiroFilter.java#L69 > > https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/java/no/priv/bang/handlereg/web/security/HandleregShiroFilter.java#L65 > > https://github.com/steinarb/authservice-sampleclient/blob/master/src/main/java/no/priv/bang/authservice/sampleclient/AuthserviceSampleClientShiroFilter.java#L73 > > The only thing the shiro.ini is used for is path to user/role/permission > mapping inside the webapps. > > Configuration outside of path access, is a combination of configuration > by code in the activate methods of DS components, and OSGi service > injections into the same DS components (Realm and SessionDAO are > injected). > > However, the class I use to start the configuration in the activate > metods, WebIniSecurityManagerFactory, is deprecated. > > What should I use instead? > > > Thanks! > > > - Steinar >
