OK, now I have some success. I have successfully received an OSGi service injection of the correct ServletContext created by the ServletContextHelper.
To recap: I'm trying to switch this
https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L74
to something like this
https://github.com/fpapon/shiro-labs/blob/master/karaf-jaxrs/src/main/java/fr/openobject/labs/shiro/karaf/jaxrs/ShiroService.java#L47

The start of the AuthserviceShiroFilter.activate() method now looks like this:

    @Activate
    public void activate() {
        environment = new IniWebEnvironment();
        environment.setIni(INI_FILE);
        environment.setServletContext(context);
        environment.init();

        DefaultWebSessionManager sessionmanager = new DefaultWebSessionManager();
        sessionmanager.setSessionDAO(session);
        sessionmanager.setSessionIdUrlRewritingEnabled(false);

        DefaultWebSecurityManager securityManager = DefaultWebSecurityManager.class.cast(environment.getWebSecurityManager());
        securityManager.setSessionManager(sessionmanager);
        securityManager.setRealm(realm);
        setSecurityManager(securityManager);

The next place I got stuck was in the code replacing the authc filter with the PassThruAuthenticationFilter:

    // Using the PassThruAuthenticationFilter instead of the default authc FormAuthenticationFilter
    // to be able to do a redirect back "out of" authservice to the originalUrl
    Map<String, Object> defaultBeans = new HashMap<>(securityManagerFactory.getBeans());
    PassThruAuthenticationFilter authc = new PassThruAuthenticationFilter();
    authc.setLoginUrl("/login");
    defaultBeans.put("authc", (Object)authc);

Does anyone know how I could do this in Java code, now that I no longer have access to the securityManagerFactory?

Is the IniWebEnvironment.getObjects() method the same as securityManager.getBeans()? (It has the same signature.)

Thanks!