Hi,

The only urls that are secured are

 [urls]
               /ipf/** = authcBasic

But your REST APIs seem to be at

<servlet-mapping>
        <servlet-name>ServletAdaptor</servlet-name>
        <url-pattern>/rest/*</url-pattern>
</servlet-mapping>

Is it /rest/* that you need to secure? If yes, then you might change
the ini config.

Manoj

On Mon, Oct 31, 2011 at 9:54 AM, Vampyress86
<[email protected]> wrote:
> I am new to both Spring and Shiro so please bear with me if I fail to word my
> problem correctly. I am developing a restful web service in Spring MVC and
> it is necessary to secure the system against unauthorised usage and my
> project manager wants to use Shiro as the solution. At the moment our
> primary concern is just a basic authentication system when a user performs
> an action upon a resource. I have been through multiple examples of setting
> up Shiro and none of them seem to work for my implementation and was
> wondering if it would be possible to receive some guidance as to where I
> might be going wrong.
>
> My current web.xml implementation:
> <?xml version="1.0" encoding="UTF-8"?>
> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
>
>         <filter>
>        <filter-name>ShiroFilter</filter-name>
>
> <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
>        <init-param>
>            <param-name>config</param-name>
>            <param-value>
>
>                # The IniShiroFilter configuration is very powerful and
> flexible, while still remaining succinct.
>                # Please read the
> org.apache.shiro.web.servlet.IniShiroFilter JavaDoc for information.
>
>                # Quick Tip: Instead of having this configuration here in
> web.xml, you can instead
>                # move all of this to a 'shiro.ini' file at the root of the
> classpath and remove
>                # the 'config' init-param. Or you can specify the
> 'configPath' init-param and specify the
>                # path to a resource at any location (url, file or
> classpath). This may be desired if the
>                # config gets long and you want to keep web.xml clean.
>
>                [users]
>                # format: username = password, role1, role2, ..., roleN
>                root = secret,admin
>                guest = guest,guest
>                presidentskroob = 12345,president,admin
>                darkhelmet = ludicrousspeed,darklord,schwartz
>                lonestarr = vespa,goodguy,schwartz
>
>                [roles]
>                # format; roleName = permission1, permission2, ...,
> permissionN
>                admin = *
>                schwartz = lightsaber:*
>                goodguy = winnebago:drive:eagle5
>
>                [urls]
>                /ipf/** = authcBasic
>
>            </param-value>
>        </init-param>
>    </filter>
>    <filter-mapping>
>        <filter-name>ShiroFilter</filter-name>
>        <url-pattern>/*</url-pattern>
>    </filter-mapping>
>    <servlet>
>        <servlet-name>ServletAdaptor</servlet-name>
>
> <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
>        <load-on-startup>1</load-on-startup>
>    </servlet>
>    <session-config>
>        <session-timeout>
>            30
>        </session-timeout>
>    </session-config>
> </web-app>
> ----------------------------------------------
> And my application context so you can get a better understanding of the
> services general implementation:
> -----------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:context="http://www.springframework.org/schema/context"
> xmlns:tx="http://www.springframework.org/schema/tx"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://www.springframework.org/schema/context
> http://www.springframework.org/schema/context/spring-context.xsd
> http://www.springframework.org/schema/tx
> http://www.springframework.org/schema/tx/spring-tx.xsd
> ">
>
>    <context:annotation-config />
>    <tx:annotation-driven />
>
>    <bean id="farmDAO" class="com.ipf.persistance.JpaFarmDAO" />
>    <bean id="farmerDAO" class="com.ipf.persistance.JpaFarmerDAO" />
>    <bean id="farmeradvisorDAO"
> class="com.ipf.persistance.JpaFarmerAdvisorDAO" />
>    <bean id="timingDAO" class="com.ipf.persistance.JpaTimingDAO" />
>    <bean id="varietyDAO" class="com.ipf.persistance.JpaVarietyDAO" />
>    <bean id="cropDAO" class="com.ipf.persistance.JpaCropDAO" />
>    <bean id="farmercropDAO" class="com.ipf.persistance.JpaFarmerCropDAO" />
>    <bean id="zoneDAO" class="com.ipf.persistance.JpaZoneDAO" />
>
>    <bean id="transactionManager"
> class="org.springframework.orm.jpa.JpaTransactionManager">
>        <property name="entityManagerFactory" ref="entityManagerFactory"/>
>        <property name="dataSource" ref="dataSource"/>
>    </bean>
>
>    <bean id="persistenceAnnotation"
> class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"
> />
>
>    <bean id="dataSource"
> class="org.springframework.jdbc.datasource.DriverManagerDataSource">
>        <property name="driverClassName" value="${db.driverClass}" />
>        <property name="url" value="${db.connectionURL}" />
>        <property name="username" value="${db.username}" />
>        <property name="password" value="${db.password}" />
>    </bean>
>
>    <bean id="entityManagerFactory"
>
> class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
>        <property name="dataSource" ref="dataSource" />
>        <property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
>    </bean>
>
>    <bean id="jpaVendorAdapter"
>
> class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
>        <property name="database" value="POSTGRESQL" />
>        <property name="showSql" value="true"/>
>        <property name="generateDdl" value="false"/>
>        <property name="databasePlatform"
>        value="org.hibernate.dialect.PostgreSQLDialect" />
>    </bean>
>
> </beans>
>
>
> -------------------------------------------------------
>
> The problem I am currently facing is that the resources are still available
> no matter what configuration option I use. I should also mention I have
> tried the method of including the ini data in a file and setting up Shiro
> through beans however the result remained the same. There are no compilation
> errors to indicate a problem but the login page I would expect is not
> available and resources are returned normally.
>
> I am curious as to whether I am totally barking up the wrong tree or if I am
> relatively close in how I am trying to progress.
>
> Thank you for your time! :)
>
>
>
>
> --
> View this message in context: 
> http://shiro-user.582556.n2.nabble.com/Setting-up-Shiro-to-work-with-spring-and-Jersey-Jackson-tp6948893p6948893.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>



-- 
http://khangaonkar.blogspot.com/
