Are you using CDI or JEE (EJB) with Jersey? If yes, you can use CDI or EJB interceptors to achieve that goal. http://code.google.com/p/flowlogix/wiki/TLShiroSecurityInterceptor
On May 27, 2014, at 4:42 PM, agilone wrote: > Hi Everyone, > > We are building Resftful API's with Jersey and would like to create > attributes/annotations to authenticate and authorize users without > additional security code needed in implementing class/method. > We have been using Play for long time but decided to move to Jersey for > several stability problems we encountered in Play. Thus we already have > similar mechanism running in Play Framework 2.2 by using Actions and > Annotations. Please check this link to get some idea how it works > http://www.playframework.com/documentation/2.2.x/JavaActionsComposition > > We have a jar package which is implementing security methods of Shiro and > using JDBC salted realm as a storage layer and EnterpriseCachingSession with > memcached for sessions. It works great so far. And we benefit a lot by using > Annotations since it prevent users to make silly mistakes when it comes to > implementing security calls. See below sample which requires few params to > secure entire method (or class) > > @Authentication.LoggedIn(isApiClient = false,onlyAllowAdmin = > false,permissionValues = {PermissionsEnum.PERMXXXXX},operator = > Authentication.Operator.AND) > public static List<MetaInfoItem> someMethod(int page, EspType espType) { > ... > ... > return; > } > > > > We would like to achieve same with Jersey however not sure which is the best > way (or what are the best practices to use Shiro with Jersey). > I really appreciate if you can share your experience and knowledge with me. > > Thanks in advance, > > ED > > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Shiro-and-Jersey-REST-API-integration-Attributes-Annotations-and-Interceptors-tp7580009.html > Sent from the Shiro User mailing list archive at Nabble.com. >
