I am developing a non-web based application, to secure the same I need to use shiro. I am able to configure shiro for a web-based application, but I have to do the same through API calls.
The idea is to have a Login API - which will authenticate/authorize whether to give the permission to this app to use the API or not. I am using an embedded jetty server in my application, for any API request the user or any app has to post the request to this server. Before using any api, user have to call this login api and get permission. Can anyone please tell me how can I achieve this..? What could be the request format, because I don't want to have my own authentication mechanism, whatever shiro does is fine..I have to use default shiro realms only, and Basic http authentication is also ok. But it should not prompt for username and password, every thing should happen through codes only.. Regards, Ankit -- View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-to-secure-API-calls-tp7579642.html Sent from the Shiro User mailing list archive at Nabble.com.
