Yes, you replace container authentication with Shiro. If you have hard-coded users and roles, Shiro won't do much for you. Shiro starts to shine when you start saving users / roles / permissions in the database, or better yet Stormpath. This is where all flexibility of Shiro comes in.
There are plenty of examples on Shiro's web site, and they all apply to GWT equally as to anything else. here are the key methods: Subject.login() - authenticate Subject.isUserInRole() Subject.isPermitted() There are libraries out there that integrate this with CDI / EJB so you can use annotations for some of the above. On May 31, 2015, at 9:21 AM, David Hoffer wrote: > Another way of asking this question is...how to use Shiro to simply replace > the authentication provided by the container? E.g. I have configured the GWT > to use container authentication and it works fine, so how to do the same with > Shiro? I just want an interface to implement for the users, no > db/stormpath/etc. > > While I'm on this question, what are the main benefits/reasons for using > Shiro and not just use the J2EE/container authentication? Can Shiro > integrate with J2EE/container authentication or is it one or the other? > > I'd really like to see some basic examples of how Shiro is better/different > than J2EE/container authentication and how to integrate with single page web > apps with RPC, such as GWT apps. > > -Dave > > On Fri, May 29, 2015 at 2:03 PM, David Hoffer <dhoff...@gmail.com> wrote: > I have an existing GWT app where I want to add simple login support so I can > customize backend support/features per user (or actually groups of users). > My use case is very basic, all I need to do is display a login dialog before > my app loads so I know what user is using the app, then on the server I will > have a property file that knows about all users(groups) with various > properties custom for each group. Its a bit more complicated than that...but > not much. > > I thought I would use Shiro for this as it's reported to be simple to use so > it seems a good fit. > > However I have not used Shiro before and find the online documentation > confusing because it references other tools that are not relevant in my case, > e.g. stormpath, git, etc. Also the samples seem to use jsp for > login/logout/etc. Since I have a GWT app, I have a single HTML file but no > jsp. What is the simplest way to add a login to my app server (Tomcat) and > then have Shiro know about that login so on the server I can determine which > user it is? > > -Dave >
