I agree JSR 250 can be easily supported. Can you please open a Jira feature request Tim?
And I think that if OAuth can be cleanly supported as a module, we should do it. There is already an existing Jira for this too: https://issues.apache.org/jira/browse/SHIRO-119 As for Jersey, any REST-based support mechanism would work well with Shiro's existing web support. You might also want to look at the 'REST Support' section in this page: http://incubator.apache.org/shiro/web.html HTH, Les On Tue, Jun 8, 2010 at 4:04 PM, Kalle Korhonen <[email protected]> wrote: > On Tue, Jun 8, 2010 at 3:19 PM, Tim Julien <[email protected]> wrote: >> Does anyone have any experience using Shiro with: >> * Jersey >> * OAuth >> * JSR 250 security annotations (RunAs, RolesAllowed, PermitAll, DenyAll, >> DeclareRoles) >> Not sure Shiro even supports these things - are there any plans to >> support them? > > I've used Jersey before but we (as part of Tynamo.org) are providing > integration with another JAX-RS implementation, RestEasy instead (see > http://tynamo.org/tapestry-resteasy+guide). Shiro can naturally be > used together with any JAX-RS implementation. > > Not sure if it makes sense for Shiro alone to support Oauth 2 as it > requires a redirect URI back to your application and so it would need > to be implemented as a filter. For handling exception cases, it makes > a more natural fit to implement a complete Oauth with your favorite > web framework technology. Technically it's straight-forwarded to > implement an Oauth realm with Shiro and I've implemented one that will > eventually be contributed to Tynamo.org's security package (based on > Shiro, naturally). Federated realms is a more interested topic in > Shiro context - it might be useful if Shiro provided some generic > interfaces for any federated authentication (and authorization) use > cases. > > I have to take a look at JSR 250 security annotations, it makes sense > that Shiro would provide hooks for processing them. > > Kalle >
