Hi! Shiro's JAX-RS support requires the use of a servlet stack, (or an equivalent filter in your application) This can be auto configured if your container supports it: https://github.com/apache/shiro/blob/1.8.x/samples/jaxrs/pom.xml#L69-L72
Otherwise you can configure a web.xml, similar to this: https://github.com/apache/shiro/blob/1.8.x/support/servlet-plugin/src/main/resources/META-INF/web-fragment.xml On Mon, Jan 24, 2022 at 10:58 PM lewis john mcgibbney <lewi...@apache.org> wrote: > Hi user@, > I'm trying to implement LDAP authentication in the Apache Nutch webserver > [0]. When I remotely debug a running server I can see the LDAP realm and > associated configuration being loaded by the Shiro SecurityManager. > shiro.ini looks something like this > > [main] > ldapRealm = org.apache.shiro.realm.ldap.DefaultLdapRealm > ldapRealm.userDnTemplate = uid={0},ou=users,dc=mycompany,dc=com > ldapRealm.contextFactory.url = ldaps://my-company:636 > securityManager.realms = $ldapRealm > > The initial resource I'm trying to secure can be seen at [1]. When I > execute a GET against /admin path with basic authentication credentials, > Shiro returns a 401 Unauthorized. > > It is not clear to me how I should go about debugging Shiro behavior for a > specific request to a specific /path. > > Can someone please take a look and point me in the right direction? I > would very much like to contribute my learning experience back to the Shiro > examples. Currently none exist for CXF-based > JAX-RS services. > > Thanks > lewismc > > [0] > https://github.com/lewismc/nutch/blob/NUTCH-2925/src/java/org/apache/nutch/service/NutchServer.java#L104-L107 > [1] > https://github.com/lewismc/nutch/blob/NUTCH-2925/src/java/org/apache/nutch/service/resources/AdminResource.java#L55-L66 > > -- > http://home.apache.org/~lewismc/ > http://people.apache.org/keys/committer/lewismc >