Great! I'll try 1.2 and will do the shiro mailing list as well. I tried the @RequiresRole on a stateless Rest service, and it didn't work, I guess now I know why now :)
On Aug 29, 2011, at 12:28 PM, Kalle Korhonen wrote: > Thanks Lenny. Yes, it's the wrong list but the discussion's likely > relevant to a number of other people as well. The most appropriate > list is Shiro users and incidentally, there was a discussion on the > same topic some time ago > (http://shiro-user.582556.n2.nabble.com/Using-Shiro-in-a-Web-EJB-environment-td3773528.html). > Your title says EJB container objects but mostly you seem to be > looking at securing the front-end servers. I've done stateful > (session-based) web services before and that'll work just fine using > exactly the same configuration and annotations. Stateless security > support was added/enhanced in shiro 1.2 trunk (with the release in > sight in the near future) - basically making it easier to configure > the framework (or some paths) so that each request is authenticated > and authorized separately. If you have a multi-tiered architecture > where your EJB container is running in a separate JVM, you'll have do > more integration work yourself, to maintain keys or some access tokens > to secure user requests / executions between multiple JVMs. There's no > standard way worked for it as one size rarely fits all. It's an > interesting topic nevertheless, and you should join the discussion on > Shiro users list (see http://shiro.apache.org/mailing-lists.html) to > keep up-to-date and make your opinions heard. > > Kalle > > > On Mon, Aug 29, 2011 at 8:51 AM, Lenny Primak <lpri...@hope.nyc.ny.us> wrote: >> Hi guys, >> perhaps this is the wrong list to post this to, but >> tynamo list still doesn't work for me, and I may post this on the Shiro list >> as well. >> >> I just started using tapestry-security, and it works great! >> My application is a Tapestry front-end to a bunch of EJBs, Web services, and >> Rest objects. >> It runs in Glassfish 3.1, and J2EE 6 compliant. >> >> This application is on an intranet, and we need to secure it and put it out >> on the internet. >> >> I was wondering if/how we can use the same T-Security/Shiro >> configuration/annotation/etc. >> on the Jax-WS Web Services, and Jax-RS REST Web Services, it at all possible, >> with a minimum of fuss. >> >> Thanks a lot. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
