>>>>> Александр <pro...@gmail.com>: > Thats right. > My solution is to build shiro infrastructure (securitymanager, realms, > filterchainresolver) by myself as a beans in blueprint, because I can > inject to them other services (like Datasource, or EntityManager). I do not > use ini file, and actually I do not use shiro in standard servlet > container, because there is Spring for it :) > But if you use shiro before, and have ini file, you can create > SecurityManager by IniSecurityManagerFactory > <https://shiro.apache.org/static/1.3.2/apidocs/src-html/org/apache/shiro/config/IniSecurityManagerFactory.html#line.46> > and > FilterChainResolver by IniFilterChainResolverFactory > <https://shiro.apache.org/static/1.3.2/apidocs/src-html/org/apache/shiro/web/config/IniFilterChainResolverFactory.html#line.43> > and > set them to your filter. All of this is better to do in activate() method > of your filter. > And dont forget to install shiro bundles (shiro-core, shiro-web...)
Thanks! I'm part of the way there. I needed the WebIniSecurityManagerFactory class instead, because AbstractShiroFilter needs WebSecurityManager. However I ran into a problem in that WebIniSecurityManagerFactory doesn't like my custom realm. I get the following error message in karaf.log of the pax exam test: 2018-03-24T18:40:56,944 | ERROR | features-1-thread-1 | ukelonn | 21 - no.priv.bang.ukelonn - 1.0.0.SNAPSHOT | [no.priv.bang.ukelonn.impl.UkelonnShiroFilter(4)] The activate method has thrown an exception org.apache.shiro.config.ConfigurationException: Unable to set property 'realms' with value [[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d]] on object of type org.apache.shiro.web.mgt.DefaultWebSecurityManager. If '[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d]' is a reference to another (previously defined) object, prefix it with '$' to indicate that the referenced object should be used as the actual value. For example, $[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d] [snip!] Caused by: java.lang.ClassCastException: no.priv.bang.ukelonn.impl.UkelonnRealm cannot be cast to org.apache.shiro.realm.Realm Could this be OSGi class loader issue...? The shiro.ini file looks like this: [main] authc.loginUrl = / user.loginUrl = / credentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher # base64 encoding, not hex in this example: credentialsMatcher.storedCredentialsHexEncoded = false credentialsMatcher.hashIterations = 1024 ukelonnRealm = no.priv.bang.ukelonn.impl.UkelonnRealm ukelonnRealm.credentialsMatcher = $credentialsMatcher securityManager.realms = $ukelonnRealm [users] [urls] / = authc /* = user The realm definition is: public class UkelonnRealm extends AuthorizingRealm Following the inheritance: AuthorizingRealm extends AuthenticatingRealm AuthenticatingRealm extends CachingRealm implements Initializable CachingRealm implements Realm, Nameable, CacheManagerAware, LogoutAware The Realm interface in the last line is org.apache.shiro.realm.Realm. I have checked the Import-Package of the manifest.mf in my application's bundle, and as far as I can tell, it imports the org.apache.shiro.realm package: Import-Package: no.priv.bang.ukelonn,javax.servlet.http;version="[2.6.0, 4.0.0)",com.vaadin.server;version="[7.6,8)",com.vaadin.addon.touchkit.s erver,com.vaadin.addon.touchkit.ui,com.vaadin.annotations;version="[7.6 ,8)",com.vaadin.data;version="[7.6,8)",com.vaadin.data.util;version="[7 .6,8)",com.vaadin.data.util.converter;version="[7.6,8)",com.vaadin.data .validator;version="[7.6,8)",com.vaadin.navigator;version="[7.6,8)",com .vaadin.ui;version="[7.6,8)",javax.servlet;version="[3.1,4)",org.apache .karaf.shell.api.action;version="[4.1,5)",org.apache.karaf.shell.api.ac tion.lifecycle;version="[4.1,5)",org.apache.shiro;version="[1.3,2)",org .apache.shiro.authc;version="[1.3,2)",org.apache.shiro.authz;version="[ 1.3,2)",org.apache.shiro.config;version="[1.3,2)",org.apache.shiro.cryp to;version="[1.3,2)",org.apache.shiro.crypto.hash;version="[1.3,2)",org .apache.shiro.realm;version="[1.3,2)",org.apache.shiro.subject;version= "[1.3,2)",org.apache.shiro.util;version="[1.3,2)",org.apache.shiro.web. config;version="[1.3,2)",org.apache.shiro.web.filter.mgt;version="[1.3, 2)",org.apache.shiro.web.mgt;version="[1.3,2)",org.apache.shiro.web.ser vlet;version="[1.3,2)",org.osgi.service.log;version="[1.3,2)",com.vaadi n.addon.touchkit.gwt.client,VAADIN.widgetsets.com.vaadin.addon.touchkit .gwt.TouchKitWidgetSet,com.vaadin.addon.touchkit.gwt.client.theme,com.v aadin.addon.touchkit.gwt.client.vcom.popover,assets,com.vaadin.addon.to uchkit.settings,com.vaadin.addon.touchkit.gwt.client.ui,com.vaadin.addo n.touchkit.gwt,com.vaadin.addon.touchkit.gwt.client.vcom,com.vaadin.add on.touchkit.annotations,com.vaadin.addon.touchkit.gwt.client.communicat ion,com.vaadin.addon.touchkit.gwt.client.theme.fonts,com.vaadin.addon.t ouchkit.gwt.client.vcom.navigation,VAADIN.widgetsets;version="[7.6,8)", com.vaadin.addon.touchkit.extensions,com.vaadin.shared;version="[7.6,8) ",VAADIN.widgetsets.com.vaadin.addon.touchkit.gwt.TouchKitWidgetSet.def erredjs.0A32B241463C3CF770B8CD52599C1C21,com.vaadin.addon.touchkit.gwt. client.offlinemode,com.vaadin.addon.touchkit.service,com.vaadin.addon.t ouchkit.gwt.client.theme.img,VAADIN.themes All hints, guesses and ideas are appreciated! Thanks! -- -- ------------------ OPS4J - http://www.ops4j.org - ops4j@googlegroups.com --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to ops4j+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.