Re: REST or remote client authentication :very very important

Thu, 03 Dec 2009 05:52:21 -0800 

first I took exaple from Siro dist - web+spring. But it really worked only
for web auth. so I modified it a little.

I added separete servlet/bean to responsible for login
this is my spring config for login bean
<bean id="loginManager" class="com.springbook.LoginManagerBean">
        <property name="ehCacheManager" ref="cacheManager"/>
    </bean>
    <bean name="/login"
class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
        <property name="service" ref="loginManager"/>
        <property name="serviceInterface"
value="com.springbook.LoginManagerRemote"/>
        <property name="remoteInvocationExecutor"
ref="secureRemoteInvocationExecutor"/>
    </bean>

    <bean name="/secure/sampleManager"
class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
        <property name="service" ref="sampleManager"/>
        <property name="serviceInterface"
value="my.samples.shiro.spring.SampleManager"/>
        <property name="remoteInvocationExecutor"
ref="secureRemoteInvocationExecutor"/>
    </bean>

this my spring client config
<bean id="loginManager"
       
class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
        <property name="serviceUrl"
value="http://localhost:8084/SpringRemoting/remoting/login"/>
        <property name="serviceInterface"
value="com.springbook.LoginManagerRemote"/>
        <property name="remoteInvocationFactory"
ref="secureRemoteInvocationFactory"/>
    </bean>

    <bean id="sampleManager"
       
class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
        <property name="serviceUrl"
value="http://localhost:8084/SpringRemoting/remoting/secure/sampleManager"/>
        <property name="serviceInterface"
value="my.samples.shiro.spring.SampleManager"/>
        <property name="remoteInvocationFactory"
ref="secureRemoteInvocationFactory"/>
    </bean>

    <!--bean id="secureRemoteInvocationFactory"
        class="my.samples.shiro.spring.SecureRemoteInvocationFactory"/-->

    <bean id="secureRemoteInvocationFactory"
       
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory"/>

If you'd like change serialization to hessian.
make sure that you switch session mode to "native"
it works as follow:
1. I use "loginManager" bean to login. make sure that it is not under Shiro
web security filter.
2. then get new generated session to call secure methods in "sampleManager"


I think it is better to configure ehCahe. to configure it you could look at
my previous posts
for example this:
http://n2.nabble.com/Web-Spring-EhCache-how-to-change-default-cache-name-tp4063126p4096087.html



-- 
View this message in context: 
http://n2.nabble.com/REST-or-remote-client-authentication-very-very-important-tp4101242p4106138.html
Sent from the Shiro User mailing list archive at Nabble.com.

Reply via email to