Re: REST or remote client authentication :very very important

Thu, 03 Dec 2009 00:43:18 -0800 

Are you pointing me to spring remoting (hessian?)
http://static.springsource.org/spring/docs/1.2.9/reference/remoting.html
http://static.springsource.org/spring/docs/1.2.9/reference/remoting.html 

I am greatful to you guys, i think i am going to push Shiro in my project
and hope this kind of help will continue for me...

please be with me guys :-)

Regards,


Narcom wrote:
> 
> web+shiro+spring remoting
> 
> client side code
> ctx = new
> FileSystemXmlApplicationContext("/web/WEB-INF/remoting-client.xml");
> 
> DefaultSecurityManager securityManager = new DefaultSecurityManager();
> 
> SecurityUtils.setSecurityManager(securityManager);
> 
> LoginManagerRemote loginManager = (LoginManagerRemote)
> ctx.getBean("loginManager");
> String sessionId = null;
> 
> UserRemote user = loginManager.login();
> sessionId = user.getSessionId();
> log.info("user name: " + user.getName());
> log.info("sesssionId: " + sessionId);
> 
> 
> server side
> public UserRemote login() {
>         UserBean user = new UserBean();
> 
>         //get the currently executing user:
>         Subject currentUser = SecurityUtils.getSubject();
>         //Session session = currentUser.getSession(true);
>         //log.info(session.getId().toString());
> 
>         //let's log in the current user so we can check against roles and
> permissions:
>         if ( !currentUser.isAuthenticated() ) {
>             UsernamePasswordToken token = new
> UsernamePasswordToken("user1", "user1" );
>             token.setRememberMe(true);
>             try {
>                 currentUser.login(token);
>                 token.clear();
>                 user.setName("user1");
>                
> user.setSessionId(currentUser.getSession(false).getId().toString());
>                 log.info(user.getSessionId());
>             } catch (UnknownAccountException uae) {
>                 log.info( "There is no user with username of " +
> token.getPrincipal() );
>             } catch ( IncorrectCredentialsException ice ) {
>                 log.info("Password for account " + token.getPrincipal() +
> " was incorrect!");
>             } catch ( LockedAccountException lae ) {
>                 log.info("The account for username " +
> token.getPrincipal() + " is locked.  " +
>                          "Please contact your administrator to unlock
> it.");
>             }
>             // ... catch more exceptions here (maybe custom ones specific
> to your application?
>             catch ( AuthenticationException ae ) {
>                 //unexpected condition?  error?
>                 log.info(null, ae);
>             }
>         }
> 
>         return user;
>     }
> 
> 
> 

-- 
View this message in context: 
http://n2.nabble.com/REST-or-remote-client-authentication-very-very-important-tp4101242p4104812.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to