It's not trivial, but I have managed to do this, and the result is much, much better than JEE / Glassfish's own authentication API solution. The key is to "encode" Shiro's Subject in an EJB interceptor and call Java's Subject.runAs() on the protected EJB, and do the remote encoding / decoding in the interceptor.
My solution is integrated with Tapestry, but I think the library can be used without tapestry, as it's relatively self-contained. http://code.google.com/p/flowlogix/ http://code.google.com/p/flowlogix/wiki/TapestryLibrary http://code.google.com/p/flowlogix/wiki/TLShiroSecurityInterceptor http://code.google.com/p/flowlogix/source/browse/tapestry-services/src/main/java/com/flowlogix/security/ShiroSecurityInterceptor.java http://code.google.com/p/flowlogix/source/browse/tapestry-services/src/main/java/com/flowlogix/security/WebSecurityFilter.java (maybe) http://code.google.com/p/flowlogix/source/browse/tapestry-services/src/main/java/com/flowlogix/web/services/internal/SecurityInterceptorFilter.java On May 26, 2014, at 3:32 PM, P82 wrote: > Hello experts! The subject describes well what I want. Can you say will it > work and can anyone provide tutorial/example how to implement shiro security > to connect protected remote ejb from standalone client. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Glassfish-4-EJB-Shiro-OSGI-standalone-client-tp7579977.html > Sent from the Shiro User mailing list archive at Nabble.com. >
