I also managed to use a Blueprint version (instead of Spring) : <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0 http://karaf.apache.org/xmlns/shell/v1.1.0 http://karaf.apache.org/xmlns/shell/v1.1.0";> <bean id="shiroRealm" class="org.soluvas.web.login.SoluvasRealm" /> <bean id="securityManager" class= "org.apache.shiro.web.mgt.DefaultWebSecurityManager" destroy-method="destroy"> <property name="realm" ref="shiroRealm" /> </bean> <bean id="shiroFilterFactory" class= "org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> </bean> <bean id="securityFilter" class= "com.hendyirawan.paxwicketshiro.app.filter.DelegatingFilterFactory" init-method="register" activation="eager"> <argument ref="blueprintBundleContext" /> <argument value="berbatik_dev" /> *<!-- **Wicket** application name -->* <argument value="2" /> *<!-- Priority -->* <property name="filter"> <bean factory-ref="shiroFilterFactory" factory-method="getObject" /> </property> </bean> </blueprint> However I haven't tested annotation security with this yet. I'm not against Spring in any way though... Sometimes I think Spring is better because it's supported by both OSGi and non-OSGi environments, while Blueprint is OSGi specific. Hendy On Tue, Oct 30, 2012 at 4:54 PM, Hendy Irawan <[email protected]> wrote: > Thank you Bram. > > I have incorporated your sample project in my project at : > https://github.com/ceefour/paxwicket-shiro > > I've verified it working on : > Karaf 2.3.0 + Spring 3.0 > Pax Wicket 1.1.1 > Shiro 1.2.1 > wicketstuff-shiro 1.5.8 > > Thanks! > > I noticed you used wicketstuff-shiro ... now it makes me curious. :-) > > Hendy > > > On Tue, Oct 30, 2012 at 1:24 AM, Bram Pouwelse <[email protected]> wrote: > >> Hi Hendy, >> >> I'm using Apache Shiro in my application, while working on the >> integration I was working on a sample project for this but never found the >> time to really finish the sample project but you can find the it on GitHub >> [1]. >> >> Kind regards, >> Bram Pouwelse >> >> >> [1]: >> https://github.com/brampouwelse/org.ops4j.pax.wicket/tree/master/samples/apache-shiro >> >> 2012/10/29 Hendy Irawan <[email protected]> >> >>> Hi, >>> >>> Is there an example demonstrating securing a web application hosted in >>> Pax Web/Karaf using Apache Shiro? >>> (I use Pax Wicket, but I presume this applies to any Pax Web app?) >>> >>> Should I use shiro-core or shiro-web ? >>> >>> Shiro Karaf feature is available >>> at mvn:org.apache.shiro/shiro-features/1.2.1/xml/features so installing it >>> is easy, but I am confused how to use it.. >>> >>> i tried something like : >>> >>> private transient Logger log = LoggerFactory.getLogger(LoginPage.class); >>> private final LoginFormModel loginFormModel = new LoginFormModel(); >>> private transient final Subject currentUser; >>> >>> public LoginPage() { >>> super(); >>> >>> Ini ini = new Ini(); >>> ini.load(LoginPage.class.getResourceAsStream("default.realm.ini")); >>> IniRealm defaultRealm = new IniRealm(ini); >>> SecurityUtils.setSecurityManager(new DefaultWebSecurityManager( >>> defaultRealm)); >>> currentUser = SecurityUtils.getSubject(); >>> add(new Label("currentUser", >>> String.valueOf(currentUser.getPrincipal()))); >>> >>> final Form<LoginFormModel> loginForm = new >>> Form<LoginFormModel>("loginForm", new >>> Model<LoginFormModel>(loginFormModel)); >>> add(loginForm); >>> loginForm.add(new TextField<String>("username", new >>> PropertyModel<String>(loginFormModel , "username"))); >>> loginForm.add(new PasswordTextField("password", new >>> PropertyModel<String>(loginFormModel , "password"))); >>> loginForm.add(new CheckBox("rememberMe", new >>> PropertyModel<Boolean>(loginFormModel, "rememberMe"))); >>> loginForm.add(new AjaxButton("login") { >>> @Override >>> protected void onSubmit(AjaxRequestTarget target, Form<?> form) { >>> log.info("Processing {}", loginFormModel); >>> target.add(feedbackPanel); >>> currentUser.login(new UsernamePasswordToken(loginFormModel >>> .getUsername(), loginFormModel.getPassword() >>> .toCharArray())); >>> super.onSubmit(target, form); >>> } >>> @Override >>> protected void onError(AjaxRequestTarget target, Form<?> form) { >>> target.add(feedbackPanel); >>> super.onError(target, form); >>> } >>> }); >>> } >>> >>> But got: >>> >>> Unexpected RuntimeException >>> >>> Last cause: SessionContext must be an HTTP compatible implementation. >>> WicketMessage: Method onRequest of interface >>> org.apache.wicket.behavior.IBehaviorListener targeted at >>> org.apache.wicket.ajax.markup.html.form.AjaxButton$1 {event='onclick'} on >>> component [ [Component id = login]] threw an exception >>> >>> >>> >>> Stacktrace >>> >>> Root cause: >>> >>> java.lang.IllegalArgumentException: SessionContext must be an HTTP >>> compatible implementation. >>> >>> >>> >>> >>> at >>> org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) >>> at >>> org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) >>> >>> >>> >>> >>> at >>> org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121) >>> at >>> org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336) >>> at >>> org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312) >>> >>> >>> >>> >>> at >>> org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182) >>> at >>> org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163) >>> at >>> org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144) >>> >>> >>> >>> >>> at >>> org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383) >>> at >>> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) >>> at >>> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183) >>> >>> >>> >>> >>> at >>> org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283) >>> at >>> org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) >>> at org.soluvas.web.login.LoginPage$1.onSubmit(LoginPage.java:56) >>> >>> >>> >>> >>> -- >>> Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on >>> LinkedIn<http://id.linkedin.com/in/hendyirawan> >>> Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator >>> Bisnis | Bandung >>> >>> >>> _______________________________________________ >>> general mailing list >>> [email protected] >>> http://lists.ops4j.org/mailman/listinfo/general >>> >>> >> >> _______________________________________________ >> general mailing list >> [email protected] >> http://lists.ops4j.org/mailman/listinfo/general >> >> > > > -- > Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on > LinkedIn<http://id.linkedin.com/in/hendyirawan> > Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator > Bisnis | Bandung > > -- Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on LinkedIn<http://id.linkedin.com/in/hendyirawan> Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator Bisnis | Bandung
_______________________________________________ general mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/general
