You need to configure whatever AOP mechanism you wish to recognize
Shiro annotations and handle them accordingly.

For example, often people do this via Spring AOP or AspectJ.  What
mechanism might be used in your project?  Here is a sample
AspectJ-enabled app that does this:

http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj

Of particular interest is the aspectj aop.xml file that sets this up:
http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/src/test/resources/META-INF/aop.xml

Does this help?  How does your app know to inspect the Jersey
annotations?  I don't know Jersey myself, but is there a way to also
support additional annotations like Shiro's?  Do you use an AOP
mechanism today?

Regards,

Les

On Wed, Jan 25, 2012 at 5:29 PM, crichmond <[email protected]> wrote:
> I have a resource class for Jersey rest endpoints in Jetty like so..
>
> @Path("/reports")
> public class ReportResource {
>
>
>  @GET
>  @Path("{dept: finance|marketing}")
>  public String getByDept(@PathParam("dept") String dept) {
>    ReportNameListPage page = new ReportNameListPage(dept);
>    return page.generatePage();
>  }
>
> ..
>
> more get methods
>
> This serves up dynamic pages at /reports/finance, /reports/marketing, etc in
> a REST style with Jersey.
>
> I tried to add @RequiresAuthentication to the @GET method like so:
>
>  @GET
>  @Path("{dept: finance|marketing}")
>  @RequiresAuthentication
>  public String getByDept(@PathParam("dept") String dept) {
>    ReportNameListPage page = new ReportNameListPage(dept);
>    return page.generatePage();
>  }
>
> but this does not redirect to my login page or challenge in any way.  Is
> this the correct approach to secure a Jersey/REST resource with Shiro?
>
> Thanks
>
>
>
> --
> View this message in context: 
> http://shiro-user.582556.n2.nabble.com/Securing-Jersey-resouces-with-Shiro-tp7225690p7225690.html
> Sent from the Shiro User mailing list archive at Nabble.com.
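
An added example, not part of the original thread or of the Shiro or Jersey code bases: one way to make a JAX-RS runtime honor `@RequiresAuthentication` without an AOP weaver is a request filter that reads the annotation from the matched resource method and asks Shiro for the current Subject. It assumes a JAX-RS 2.x runtime (`javax.ws.rs.container`) and that Shiro's servlet filter already runs in front of Jersey so a Subject is bound to the request thread; the class name is hypothetical, and only this one Shiro annotation is handled.

```java
import java.io.IOException;
import java.lang.reflect.Method;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.subject.Subject;

// Hypothetical class name. Register it with the JAX-RS application like any other provider.
@Provider
public class RequiresAuthenticationFilter implements ContainerRequestFilter {

    // Injected per request; describes the resource class and method that matched.
    @Context
    private ResourceInfo resourceInfo;

    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        Method method = resourceInfo.getResourceMethod();
        Class<?> resource = resourceInfo.getResourceClass();

        // The annotation is only metadata: nothing enforces it unless code like this reads it.
        boolean required =
                (method != null && method.isAnnotationPresent(RequiresAuthentication.class))
                || (resource != null && resource.isAnnotationPresent(RequiresAuthentication.class));
        if (!required) {
            return; // unannotated endpoints pass through unchanged
        }

        // Assumption: Shiro's servlet filter has bound a Subject to this thread.
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            // Fail closed: stop the request before the resource method runs.
            requestContext.abortWith(
                    Response.status(Response.Status.UNAUTHORIZED).build());
        }
    }
}
```

The filter answers with 401 rather than redirecting to a login page; a redirect would be built with `Response.seeOther(...)` to whatever login URL the application uses.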
