Re: Securing Tynamo tapestry-resteasy with Shiro

[Pavel Chernyak]

Hi there, Richard.

I created securityrequestfilter that reads header for auth token and
autorize/or not. Than it pass request to other filters.
Some part of code for example:

public class SecurityRequestFilter implements HttpServletRequestFilter
{

@Inject
private SecurityService securityService;

@Override
public boolean service(HttpServletRequest request, HttpServletResponse
response, HttpServletRequestHandler handler) throws IOException
{
if (request.getHeader("Authorization") != null)
login(request.getHeader("Authorization"));
else
slog.info("Anonymous request detected.");
return handler.service(request, response);

}

As for application module(Main tapestry configuration class):

@Contribute(HttpServletRequestHandler.class)
public static void
httpServletRequestHandler(OrderedConfiguration
configuration,

@InjectService("ServletRequestFilter")

HttpServletRequestFilter servletRequestFilter,
@InjectService("SecurityRequestFilter") HttpServletRequestFilter
securityRequestFilter)
{
configuration.add("SecurityRequestFilter", securityRequestFilter,
"after:SecurityConfiguration", "before:ResteasyRequestFilter");
configuration.add("ServletRequestFilter", servletRequestFilter,
"after:ResteasyRequestFilter", "before:GZIP");
}


I can't say that a right thing to do. But my way works fine to use
tapestry-security with tapestry-resteasy.

Good luck.


On 5 May 2017 at 23:49, Richard Frovarp  wrote:

> I'm wondering if there is a straightforward way to secure
> tapestry-resteasy with Shiro. We're already using tapestry-security. I have
> a student doing some work to do this, and it doesn't seem like the two work
> together. We can protect the URL path from the AppModule using the Shiro
> code like we do everywhere else. However, we can't get annotations to work
> on the REST "pages" or methods. I would like to be able to do things like
> access level access control and permission based control based on the
> authenticated user through the same Shiro tools that we have been using.
>
> It feels like we're missing something. I can probably build my own
> integration, but if it is already solved and we are just missing it, I
> would rather do it the correct way.
>
> Thanks,
>
> Richard
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>


-- 
With best regards,
Pavel Chernyak

Securing Tynamo tapestry-resteasy with Shiro

[Richard Frovarp]

I'm wondering if there is a straightforward way to secure 
tapestry-resteasy with Shiro. We're already using tapestry-security. I 
have a student doing some work to do this, and it doesn't seem like the 
two work together. We can protect the URL path from the AppModule using 
the Shiro code like we do everywhere else. However, we can't get 
annotations to work on the REST "pages" or methods. I would like to be 
able to do things like access level access control and permission based 
control based on the authenticated user through the same Shiro tools 
that we have been using.


It feels like we're missing something. I can probably build my own 
integration, but if it is already solved and we are just missing it, I 
would rather do it the correct way.


Thanks,

Richard


-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org