I am using Shiro with GWT, but no Guice. I also, don't use out of the box
Shiro's web application security/servlet, since my app is not really a page
based application.
After login get the sessionId and pass it along with every RPC call.
Sample Shiro.ini (change as per your requirements)
[main]
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = root
ds.password=xxxxx
ds.databaseName = somedb
md5matcher=org.apache.shiro.authc.credential.Md5CredentialsMatcher
permissionResolver =
org.apache.shiro.authz.permission.WildcardPermissionResolver
somedbRealm=org.apache.shiro.realm.jdbc.JdbcRealm
somedbRealm.permissionResolver =$permissionResolver
somedbRealm.credentialsMatcher = $md5matcher
#authenticate users.
somedbRealm.authenticationQuery = select password from user where username=
?
# Get roles for the user
somedbRealm.userRolesQuery =select r.rolename from role r, rolemap rm, user
u where u.username=? and u.userid=rm.userid and r.roleid=rm.roleid;
# Permissions for roles for authorization.
somedbRealm.permissionsQuery=select p.permission from cms_permissions p,role
r,role_permissions rp where r.rolename=? and r.roleid=rp.roleid && p.id
=rp.perm_id;
somedbRealm.dataSource = $ds
# without this , permissions and authorization wont work.
somedbRealm.permissionsLookupEnabled=true
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.realms=$somedbRealm
securityManager.cacheManager = $cacheManager
securityManager.sessionManager.globalSessionTimeout = 7200000
Init code to initialize Shiro sessions manager. I do this in some
InitServlet (load-on-startup as 1)
Factory<SecurityManager> factory = new
IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager =null;
securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Authenticate users using this code piece.
org.apache.shiro.subject.Subject subject = new
org.apache.shiro.subject.Subject.Builder().sessionId(sessionId).buildSubject();
if (subject != null && subject.isAuthenticated() &&
subject.getPrincipal() != null) {
String user = subject.getPrincipal().toString();
}
How u store the users and roles and permissions, is upto you.
See the shiro.ini file above for examples and you can guess the schema. :)
HTH.
Thanks,
Subhro.
On Fri, Aug 5, 2011 at 3:51 AM, Fabricio Pizzichillo <fpizzichi...@gmail.com
> wrote:
> Hello Friends
> I have an application with GWT + Gin + Guice + Postgresql + Mybatis. Can
> anyoneguide me on how to configure ApacheShiro to authenticate users?
> thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to google-web-toolkit@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
