Hi,
I needed to use the shiro in one application that already uses Guice
and as such I have implemented a solution that is not perfect, but it
works.
I have a module called ShiroModule that intercepts the annotations.
public class ShiroModule extends AbstractModule {
@Override
protected void configure() {
ShiroAuthorizingMethodInterceptor interceptor = new
ShiroAuthorizingMethodInterceptor();
bindInterceptor(any(), annotatedWith(RequiresRoles.class), interceptor);
bindInterceptor(any(),
annotatedWith(RequiresPermissions.class), interceptor);
bindInterceptor(any(),
annotatedWith(RequiresAuthentication.class), interceptor);
bindInterceptor(any(), annotatedWith(RequiresUser.class), interceptor);
bindInterceptor(any(), annotatedWith(RequiresGuest.class), interceptor);
}
}
I believe I have copied the class ShiroAuthorizingMethodInterceptor
from shiro spring and removed two lines of code (spring dependencies)
I also created a subclass of IniShiroFilter to inject the items
created from shiro.ini
@Singleton
public class ShiroSecurityFilter extends IniShiroFilter {
private final Injector injector;
@Inject
protected ShiroSecurityFilter(Injector injector) {
this.injector = injector;
}
@Override
protected Map<String, ?> applySecurityManager(Ini ini) {
Map<String, ?> beans = super.applySecurityManager(ini);
for (Entry<String, ?> b : beans.entrySet())
injector.injectMembers(b.getValue());
return beans;
}
}
And finally, in my ServletModule I 'm doing this:
install(new ShiroModule());
filter("/*").through(ShiroSecurityFilter.class);
This was the quickest solution I found without having to think too
much, but it is not the solution I want in the future. I'd like to get
rid of shiro.ini and use a solution based only on Guice.
If anyone has better solutions, do please share them.
On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <[email protected]> wrote:
> Hello,
>
> i tried to use Apache Shiro with Google Guice in a Servlet, but the
> Dependency Injection does not work.
> When I try to access a function that is protected by shiro I get an
> error about a wrong configuration
>
> org.apache.shiro.UnavailableSecurityManagerException: No
> SecurityManager accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This
> is an invalid application configuration.
>
> I created an example project which uses Apache Shiro, Google Guice and
> Jersey to bootstrap an example rest api which you can find on github
> (https://github.com/mren/java-rest-boilerplate)
>
> Could you help me to get this application running with Shiro?
> This project could be shown on the website as an example on how to use
> Shiro with other IoC Containers thant Spring.
>
> What is the cleanest way to use Shiro with Guice?
>
--
Filipe Sousa
