On Tue, Jun 8, 2010 at 3:19 PM, Tim Julien <[email protected]> wrote:
> Does anyone have any experience using Shiro with:
> * Jersey
> * OAuth
> * JSR 250 security annotations (RunAs, RolesAllowed, PermitAll, DenyAll,
>   DeclareRoles)
> Not sure Shiro even supports these things - are there any plans to
> support them?

I've used Jersey before, but we (as part of Tynamo.org) are providing integration with another JAX-RS implementation, RestEasy, instead (see http://tynamo.org/tapestry-resteasy+guide). Shiro can naturally be used together with any JAX-RS implementation.

Not sure if it makes sense for Shiro alone to support OAuth 2, as it requires a redirect URI back to your application and so it would need to be implemented as a filter. For handling exception cases, it is a more natural fit to implement a complete OAuth with your favorite web framework technology. Technically it's straightforward to implement an OAuth realm with Shiro, and I've implemented one that will eventually be contributed to Tynamo.org's security package (based on Shiro, naturally). Federated realms are a more interesting topic in the Shiro context - it might be useful if Shiro provided some generic interfaces for any federated authentication (and authorization) use cases.

I have to take a look at the JSR 250 security annotations; it makes sense that Shiro would provide hooks for processing them.

Kalle
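
One way such a hook for the JSR 250 annotations could look, as an added example that is not from this thread and is not Shiro's or Tynamo's code. The class name `Jsr250ShiroCheck` is hypothetical, denying unannotated methods is an assumption chosen to fail closed, and `RunAs` and `DeclareRoles` are not handled.

```java
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper: call check(method) from an interceptor before invoking the method. */
public final class Jsr250ShiroCheck {

    private Jsr250ShiroCheck() {}

    /** Throws UnauthorizedException unless the current Shiro Subject may call the method. */
    public static void check(Method method) {
        Subject subject = SecurityUtils.getSubject();
        // A method-level annotation overrides whatever the declaring class says.
        Boolean allowed = decide(method, subject);
        if (allowed == null) {
            allowed = decide(method.getDeclaringClass(), subject);
        }
        // Assumption: nothing annotated means denied, so a forgotten annotation fails closed.
        if (allowed == null || !allowed) {
            throw new UnauthorizedException("Access denied to " + method.getName());
        }
    }

    /** Returns TRUE or FALSE when the element carries a JSR 250 annotation, null when it has none. */
    private static Boolean decide(AnnotatedElement element, Subject subject) {
        if (element.isAnnotationPresent(DenyAll.class)) {
            return Boolean.FALSE;
        }
        RolesAllowed roles = element.getAnnotation(RolesAllowed.class);
        if (roles != null) {
            // RolesAllowed lists alternatives: holding any one of the roles is enough.
            for (String role : roles.value()) {
                if (subject.hasRole(role)) {
                    return Boolean.TRUE;
                }
            }
            return Boolean.FALSE;
        }
        if (element.isAnnotationPresent(PermitAll.class)) {
            return Boolean.TRUE;
        }
        return null;
    }
}
```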
