Thanks Dominic,
I have not tried your approach yet, but this is what I have:

*shiro.ini*
---------
 [main]
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.permissionsLookupEnabled = true
 ds = com.le.viet.db.HookShiroWithDB
 jdbcRealm.dataSource=$ds
 securityManager.realms = $jdbcRealm 

*UserTblDAO.java* (Class A)
-----------------------------------
public boolean isLoginSuccess(UserToJavaToJson loginUser) {
        String username = loginUser.getUser();
        String password = loginUser.getPass();

        Subject subject = userAuthentication(username, password);

        if (subject != null && subject.isAuthenticated()) {
                logger.debug("successful login");
                return true;
        } else {
                logger.debug("Failed log in");
                return false;
        }
}

public Subject userAuthentication(String username, String pass) {
        Subject currentUser = null;
        try {
                // Builds a fresh, non-web DefaultSecurityManager on every call
                Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
                SecurityManager securityManager = factory.getInstance();

                JdbcRealm realm = (JdbcRealm) ((IniSecurityManagerFactory) factory).getBeans().get("jdbcRealm");

                realm.setAuthenticationQuery("SELECT password FROM user_tbl WHERE username=?");
                realm.setUserRolesQuery("SELECT role FROM user_tbl WHERE username=?");
                realm.setPermissionsQuery("SELECT permission FROM user_tbl WHERE username=?");
                realm.setPermissionsLookupEnabled(true);

                SecurityUtils.setSecurityManager(securityManager);

                currentUser = SecurityUtils.getSubject();

                //*this is where I created the session*
                // With a non-web SecurityManager this is a native Shiro session
                // (DefaultSessionManager), not the servlet container's HttpSession.
                Session session = currentUser.getSession(true);
                session.setAttribute("currentUser", username);
                String currentUserValue = (String) session.getAttribute("currentUser");

                if (currentUserValue.equals(username)) {
                        logger.debug("current logged in user is: [" + currentUserValue + "]");
                }

                if (!currentUser.isAuthenticated()) {
                        UsernamePasswordToken token = new UsernamePasswordToken(username, pass);
                        //token.setRememberMe(true);
                        currentUser.login(token);
                }

                Subject subject = SecurityUtils.getSubject();
                if (subject.hasRole("administrator")) {
                        logger.debug("has role administrator");
                } else {
                        logger.debug("has no role");
                }
        } catch (Exception e) {
                logger.debug("Authentication with shiro failed: \n" + e);
        }
        return currentUser;
}

*UsersRestService.java* (Class B) this is my rest endpoint
----------------------------------------------------------------
@POST
@Path("/login/{usernamnpassparam}")
@Consumes("application/json")
public boolean login(@Context HttpServletRequest req, String usernamnpassparam) {

        boolean isLoginSuccess = false;
        // Note: the raw body (including the password) ends up in the debug log
        logger.debug("json object: " + usernamnpassparam);

        ObjectMapper mapper = new ObjectMapper();
        mapper.setVisibility(JsonMethod.FIELD, Visibility.ANY);
        mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);

        UserToJavaToJson loginUser = null;
        try {
                loginUser = mapper.readValue(usernamnpassparam, UserToJavaToJson.class);
                // Same concern: plaintext password written to the log
                logger.debug("login user: " + loginUser.getUser() + " pass: " + loginUser.getPass());

                UserTblDAO userTblDAO = new UserTblDAO();
                isLoginSuccess = userTblDAO.isLoginSuccess(loginUser);

                //*retrieve user session such as username and role etc but currentUser is returning null*
                //*I am trying to get the session that I set from UserTblDAO.java class here*
                // req.getSession() is the servlet container's HttpSession, a different
                // object from the Shiro Session the attribute was written to in UserTblDAO
                HttpSession session = req.getSession();
                String currentUser = (String) session.getAttribute("currentUser");

                logger.debug("LOGGED IN AS: " + currentUser);
        } catch (JsonParseException e) {
                e.printStackTrace();
        } catch (JsonMappingException e) {
                e.printStackTrace();
        } catch (IOException e) {
                e.printStackTrace();
        }
        return isLoginSuccess;
}

flow of the above code:
1. the login RESTful service method in UsersRestService.java calls the
isLoginSuccess method of UserTblDAO.java
2. isLoginSuccess then calls userAuthentication, passing in the username
and password.
3. userAuthentication does the authentication, creates a session and
returns to the login RESTful service method
4. from here, I test to see if I can print out the currentUser that was
set during session creation.
5. currentUser always prints out as null

I don't think I have my shiro.ini configured correctly.

Can you help me out? I am very new to shiro as well as Jersey RESTful api. I
am learning as I go.
Thank you for your time!
--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/How-to-get-the-user-session-using-apache-shiro-with-jersey-RESTful-tp7579771p7579776.html
Sent from the Shiro User mailing list archive at Nabble.com.
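Added example, not the poster's or Dominic's code: the same login when Shiro is wired in as a web filter, so the Subject and its Session come from ShiroFilter and, in Shiro's default "http" session mode, are backed by the container's HttpSession, which is why a later request can read the attribute back through either API. It assumes web.xml registers EnvironmentLoaderListener and ShiroFilter (mapped to /*) against the same shiro.ini, with the realm queries set there (jdbcRealm.authenticationQuery, jdbcRealm.userRolesQuery, jdbcRealm.permissionsQuery) rather than on every call; the class name, paths and JSON field names are illustrative.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.map.ObjectMapper;

// Added example (hypothetical class). Assumes web.xml registers
// org.apache.shiro.web.env.EnvironmentLoaderListener and
// org.apache.shiro.web.servlet.ShiroFilter, so a Subject is already bound.
@Path("/users")
public class SessionAwareUsersResource {
    @POST
    @Path("/login")
    @Consumes("application/json")
    public boolean login(String body) throws IOException {
        JsonNode json = new ObjectMapper().readTree(body);   // {"user":..,"pass":..}
        String user = json.get("user").getTextValue();
        String pass = json.get("pass").getTextValue();
        // Subject bound to this request by ShiroFilter; in the default "http"
        // session mode its Session wraps the servlet container's HttpSession.
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(user, pass));
        } catch (AuthenticationException e) {
            return false;                      // never log the submitted password
        }
        Session session = subject.getSession(true);
        session.setAttribute("currentUser", user);
        return true;
    }

    @GET
    @Path("/whoami")
    @Produces("text/plain")
    public String whoami(@Context HttpServletRequest req) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) return "anonymous";
        // Both reads hit the same HttpSession-backed session, so the value
        // stored by login() is visible on a later request from the same client.
        Object viaShiro = subject.getSession().getAttribute("currentUser");
        Object viaServlet = req.getSession().getAttribute("currentUser");
        return viaShiro + " / " + viaServlet;
    }
}
```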