-resteasy.
Good luck.
On 5 May 2017 at 23:49, Richard Frovarp <rfrov...@apache.org> wrote:
> I'm wondering if there is a straightforward way to secure
> tapestry-resteasy with Shiro. We're already using tapestry-security. I have
> a student doing some work to do this, and it doesn't seem l
I'm wondering if there is a straightforward way to secure
tapestry-resteasy with Shiro. We're already using tapestry-security. I
have a student doing some work to do this, and it doesn't seem like the
two work together. We can protect the URL path from the AppModule using
the Shiro code like
It's been a while but I think you are correct about how Shiro works. I
would use a role to solve this. You can make a role like "maintainer" and
assign that role to anyone that can maintain objects. Then you can protect
any pages after the url /maintain
On Wednesday, April 19, 2
appear on the list of objects, and when they try
to POST a change, shiro ensure they have rights to the object. All
works, no problems.
This new feature is functionality that not all users have access to, so
on the front page I want to add a link that only appears for users who
have access
(possibly configurable with a symbol), people would be able to enable it if
they like. Ultimately, the call is yours, I just wanted to point out this
possible problem.
On Mon, Mar 10, 2014 at 9:41 PM, Kalle Korhonen
kalle.o.korho...@gmail.comwrote:
Perhaps there's no reason to wait for a fix in Shiro
Perhaps there's no reason to wait for a fix in Shiro. I could just
implement this as a new default CookieRememberMeManager in
tapestry-security. Dusko, you mind if I use your SimplePrincipalSerializer?
Kalle
On Thu, Mar 6, 2014 at 3:21 AM, Dusko Jovanovski dusk...@gmail.com wrote:
Thanks
at 5:54 PM, Kalle Korhonen
kalle.o.korho...@gmail.comwrote:
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's long running issue against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simply
to
override
:54 PM, Kalle Korhonen kalle.o.korho...@gmail.com
wrote:
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's long running issue against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simply
to
override
:
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's long running issue
against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's
simply
to
override with your own implementation - you could use the one
(AbstractRememberMeManager.java:514)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:396
]
at
org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:514)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
~[shiro-core-1.2.0.jar:1.2.0
Cookie size is 2K. Works like a charm, thank you :).
Regards,
Lidija
On Thu, Mar 6, 2014 at 12:21 PM, Dusko Jovanovski dusk...@gmail.com wrote:
Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
already fixed in the updated gist.
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's long running issue against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simply to
override with your own implementation - you could use the one attached
I pasted shiro's debug logs below.
As far as I can see two rememberMe cookies are created: one with value
deleteMe that gets deleted immediately since Max-Age=0 and another
rememberMe cookie that has expiration date 1 year from now. So why don't I
see this cookie in a browser?
There's a debug
Sorry for talking to myself :-).
We managed to resolve the issue - the cookie was bigger than 4K. I had to
debug shiro-web since there was no warning whatsoever and browser obviously
just ignored the cookie.
This issue is nicely explained here:
http://shiro-user.582556.n2.nabble.com/Remember-me
Lenny and Kalle, thank you for your responses.
On Tue, Feb 25, 2014 at 10:26 PM, Kalle Korhonen kalle.o.korho...@gmail.com
wrote:
Shiro makes a strong separation between remembered and authenticated use
cases. It depends on your security settings whether you want to allow
remembered only
);
}
...
}
This is taken from shiro documentation (
https://shiro.apache.org/authentication.html):
//Example using most common scenario of username/password
pair:UsernamePasswordToken token = new UsernamePasswordToken(username,
password);
//Remember Me built-in:token.setRememberMe(true
. After I close the browser and reopen it again I'm not logged
in. Am I missing something here?
Shiro makes a strong separation between remembered and authenticated use
cases. It depends on your security settings whether you want to allow
remembered only users. The built-in Shiro rememberMe
);
}
UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin,
jsecPassword);
token.setRememberMe(true);
try {
currentUser.login(token);
}
...
}
This is taken from shiro documentation (
https://shiro.apache.org/authentication.html):
//Example using most common scenario
=domainName
But as I understand, I cannot configure shiro in Tapestry through shiro.ini
file.
How else can I configure this?
Any help would be highly appreciated.
Regards,
Lidija
with the following setting in
shiro.ini:
[main]
securityManager.sessionManager.sessionIdCookie.domain=domainName
But as I understand, I cannot configure shiro in Tapestry through
shiro.ini file.
How else can I configure this?
Any help would be highly appreciated.
Regards,
Lidija
Hi Jens
On Oct 28, 2013, at 19:44 , Lenny Primak wrote:
...
The statement above would make me think that Tapestry-Security does work for
AJAX requests too, as onActivate() is invoked for every request for the
page, render or action.
The way Tapestry-Securitiy filter is set up is that it
FlowLogix library also has a couple of solutions to deal with this:
@AJAX annotation
http://code.google.com/p/flowlogix/wiki/TLAJAXAnnotation
that will redirect to the login screen if session has expired (among other
things)
and the SessionMonitor component
page gets called)
As the only difference is zone/ajax related, I guess shiro does not handle
XHR requests correctly when rendering/redirecting, but this just an assumption.
I have to dig deeper in the shiro source
Jens
Von meinem iPhone gesendet
Am 27.10.2013 um 14:44 schrieb Lenny Primak lpri
in the
browser, but luckily in this case everything works as expected (redirect to
unauthorized page and onActivate from the unauthorized page gets called)
As the only difference is zone/ajax related, I guess shiro does not handle
XHR requests correctly when rendering/redirecting
requests for a page that's not authorized?
Also, in Tapestry 5.4, this should be handled properly by way T5.4
handles JavaScript.
I'm not following you.
onActivate isn't getting called because Tapestry-Security / Shiro
intercepts it (and denies it's permission)
before onActivate ever gets called
T5.4 handles
JavaScript.
I'm not following you.
Tapestry 5.4 handles JavaScript errors better, so this issue doesn't exist in
T5.4
onActivate isn't getting called because Tapestry-Security / Shiro intercepts
it (and denies it's permission)
before onActivate ever gets called
) on the
event-callback method to limit access. In case an user does not have the
required permissions Shiro correctly identfies it and throws an
OperationException(Subject does not have permission), perfect too.
Unfortunately there is no redirect to the Unauthorized page but
instead the page is rendered
isn't getting called because Tapestry-Security / Shiro intercepts it
(and denies it's permission)
before onActivate ever gets called.
On Oct 27, 2013, at 8:55 AM, Jens Breitenstein wrote:
Hi all!
I have a strange problem and maybe one of you can give me a hint...
Basically I have a table
I am glad i made you laugh. I know how this works with tapestry and also would
like to do/know how to do this with shiro, without using the userExists
property if there is a way.
Gesendet über Yahoo! Mail für Android
Hi,
i have some issues using shiro in my tapestry application. So far login
and logout work almost perfect. I have a custom logout link which is an
image but one logout text is still i guess automatically generated, so i
have my image and the logout text(link). how can i avoid that?
The second
Haha, man, you made me so laugh!! :))I am not sure whether or not are you
trolling, but you made my day bumping with this Q. on my Q. :D Hahahaha :))
I am not acquinted well enough with tapestry shiro, but as for the tapestry
itself, there is a great shortcut including
@Property
Folks,
i am operating shiro on tapestry.
but my doGetAuthenticationInfo(...) is called twice for every
currentSubject.login(...) call
I cannot even implement a hit counter without the count being doubled at
increment within the realm.
is there a workaorund for this? or do i have to live
Well its strange
I see in debugger two invocations of the method
and two increments of my counter.
but only one lands in the database.
very strange
even after logout and shutdown...
hitcount == 1
CredentialsMatcher configured. Perhaps you need
to [set a HashedCredentialsMatcher to your realm][4].
[1]:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
[2]:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/subject/Subject.html
[3
= findByUsername(username);
return new SimpleAuthenticationInfo(username,
user.getEncodedPassword(),
new SimpleByteSource(user.getPasswordSalt()), getName());
}
}
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-authentication-tp5106945p5106945.html
Sent
());
}
and
@RequiresRoles(value = {doctor, employee})
None of them worked. :(
I wanted doctor and employee to access the page. But, with these code none
of them were working.
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5088642.html
Sent from the Tapestry - User
On Tue, Dec 20, 2011 at 3:45 AM, csckid testnowsh...@gmail.com wrote:
public static void
contributeSecurityConfiguration(ConfigurationSecurityFilterChain
configuration,
SecurityFilterChainFactory factory) {
this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5082018.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
(),
doctor).build());
}
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5082018.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users
));
configuration.add(signup-anon, new FilterChainDefinition(/signup,
anon));
configuration.add(signin-anon, new FilterChainDefinition(/signin,
anon));
}
*
shiro-users.properties*
//I really don't know what to write here
user.localuser = local, admin
role.admin = user:view
--
View
simple tutorial just for this?
shiro-users.properties is for a properties realm (i.e. that's your
simple user database). You want a custom realm for your database
model, something like:
http://svn.codehaus.org/tynamo/trunk/tynamo-federatedaccounts/tynamo-federatedaccounts-core/src/test/java/org
Damn, I only now find out that I have replies to my question.
Kalle, I have an app that sometimes (depending on some conf init parameter)
should use the typical login inapp sequence (tapestry login page and out
of the box tapestry-shiro integration) but at other times the authentication
should
a (Tynamo) issue for it and I get to it.
2. shiro.ini or module configuration - I'm confused
The tapestry-security documentation say you can configure shiro in either
shiro.ini or in module.
I might be wrong here, but it seems that from module you can only
configure
redirect urls
been a
pleasure.
Using:
Tapestry 5.2.4
Tapestry-Security: 0.3.1
Initially I had a custom authentication dispatcher for restricting access,
and a cookie rememberme (also a dispatcher).
With tapestry-security and shiro I get a feature rich authentication and
authorization framework based on roles
not been able to solve this yet.
Please open a (Tynamo) issue for it and I get to it.
2. shiro.ini or module configuration - I'm confused
The tapestry-security documentation say you can configure shiro in either
shiro.ini or in module.
I might be wrong here, but it seems that from module you can
Thanks, Taha, that really helped, I got it working.
Ron
From: Taha Hafeez tawus.tapes...@gmail.com
To: Tapestry users users@tapestry.apache.org
Sent: Wed, January 5, 2011 4:21:49 PM
Subject: Re: questions regarding tapestry, shiro, tapestry-security
Hello, guys,
I am having a very hard time trying to figure out how to use shiro in tapestry.
Now I'm looking at the wonderful T5 hotel-booking-demo(using tynamo's
tapestry-security) code. If a visitor is not logged in , when she goes to the
search page, she will be redirected to the signin
Taha
On Wed, Jan 5, 2011 at 1:46 PM, Ronald Luke ronald.l...@ymail.com wrote:
Hello, guys,
I am having a very hard time trying to figure out how to use shiro in
tapestry.
Now I'm looking at the wonderful T5 hotel-booking-demo(using tynamo's
tapestry-security) code. If a visitor is not logged
On Wed, 05 Jan 2011 06:16:43 -0200, Ronald Luke ronald.l...@ymail.com
wrote:
Hello, guys,
Hi!
Now I'm looking at the wonderful T5 hotel-booking-demo(using tynamo's
tapestry-security) code. If a visitor is not logged in , when she goes
to the search page, she will be redirected to the
...@gmail.com wrote:
Hello!
I need to override Shiro authc filter. I can do that via shiro.ini file:
[main]
authc=com.programeter.web.security.RemoteUserAuhtenticationFilter
But I am wondering if there's way to achieve the same via XxxModule and
configure Shiro via Tynamo Security. Tynamo has
Follow http://jira.codehaus.org/browse/TYNAMO-67. In the one
application I needed this, I'm still using tapestry-security 0.1.0
which allowed these type of contributions and was a separate and my
original effort at integrating jsecurity/shiro. There were a few other
interesting features and I'll
Hello!
I need to override Shiro authc filter. I can do that via shiro.ini file:
[main]
authc=com.programeter.web.security.RemoteUserAuhtenticationFilter
But I am wondering if there's way to achieve the same via XxxModule and
configure Shiro via Tynamo Security. Tynamo has
Hi Paul
The AuthorizingRealm constructor can take a CacheManager as a parameter.
In our case we use the EhCacheManager.
That's all you need!
Cheers.
Alejandro
On Fri, Nov 19, 2010 at 12:58 AM, Paul Stanton p...@mapshed.com.au wrote:
Kalle,
I'm think I'm making progress however I haven't
Alejandro,
Would you mind posting your Realm implementation?
I tried just providing a CacheManager to the constructor for
AuthorizingRealm but there must be something else missing as i still
have 2 problems:
1. The SimpleAccount is not being cached after the credentials have been
checked
Kalle,
I'm think I'm making progress however I haven't found a good guide to
confirm I'm on the right track.
I have a persistent User entity (db+hibernate). The user has multiple
roles. I only really want to use the RequiresRoles annotation on pages
(and some methods) at this point.
So
UsernamePasswordToken(username, password));
}
});
Assert.assertEquals(subject.getPrincipal(), username);
but i have no idea , how to test salt.
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/tapestry-security-with-1-1-0-of-shiro-unable-to-get-sha512
So this is in my pom.xml
I have 0.2.0 version of tynamo security excluding apache shiro
1.0.0.incubating and instead using 1.1.0 of apache shiro.
my save user looks like this..
// begin save user
RandomNumberGenerator rng = new SecureRandomNumberGenerator
HashedCredentialsMatcher {
3) Are you using T5.1.0.5? If so, use the brand new, yet unannounced
tapestry-security 0.2.1 (that depends on Shiro 1.1.0).
Agree this is important enough to have a decent example for it. I'm
waiting to have T5.2.3 release available before making the
corresponding tapestry-security
Hi all,
I am playing with hotel booking application and trying to use some examples
from it in my project. Now I have a problem in login page - when I try to
login, I got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I upgrade
try to
login, I got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I upgrade to fixed version of
shiro/tynamo-security?
Thanks in advance.
Anton
got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I upgrade to fixed version of
shiro/tynamo-security?
Thanks in advance.
Anton
--
Regards,
Christophe Cordenier.
Committer on Apache Tapestry 5
Co-creator of wooki
/SHIRO-183
Is it fixed now? How can I upgrade to fixed version of
shiro/tynamo-security?
Thanks in advance.
Anton
--
Regards,
Christophe Cordenier.
Committer on Apache Tapestry 5
Co-creator of wooki @wookicentral.com
in login page - when I try
to
login, I got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I upgrade to fixed version of
shiro/tynamo-security?
Thanks in advance.
Anton
--
Regards,
Christophe Cordenier
,
I am playing with hotel booking application and trying to use some
examples
from it in my project. Now I have a problem in login page - when I
try
to
login, I got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I
65 matches
Mail list logo