This page in the Shiro docs explains how to configure filters when using web.xml - http://shiro.apache.org/web.html. All of that can be done programmatically instead.
You should be able to create a ServletContext object and add the filter to it (as well as any configuration properties for the filter). Then you add the ServletContext object to the Server object you created, and then start the server. This Stack Overflow link shows the basic idea of how to create a ServletContext object - http://stackoverflow.com/questions/19530806/java-jetty-how-to-add-filter-to-embedded-jetty

On Thu, Jul 9, 2015 at 1:46 PM, aidaverdi800 <[email protected]> wrote:

> We don't have web.xml, I forgot to tell that I use Jetty embedded so mine
> is not the typical webapp layout. The webservice it is only thought to be
> used as an api so we configured it programmatically for now. Is there a way
> to do the same in my main class?
>
> Lisa
>
> On Thu, Jul 9, 2015 at 7:40 PM, Christian Wolfe <[email protected]>
> wrote:
>
>> Have you set up the Shiro Filter in the application's web.xml file?
>>
>> On Thu, Jul 9, 2015 at 1:39 PM, aidaverdi800 <[email protected]>
>> wrote:
>>
>>>
>>> Hi all,
>>> I'm new to Shiro and I would like to integrate it in my jaxrs
>>> webservice. It has an api to be used by an ajax client.
>>>
>>> The web service starts programmatically in this way:
>>>
>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
>>>
>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
>>> ObjectMapper m = new ObjectMapper();
>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>>>
>>> jackson.setMapper(m);
>>> CrossOriginResourceSharingFilter cors = new CrossOriginResourceSharingFilter();
>>> sf.setProviders(Arrays.<Object>asList(cors, jackson));
>>> sf.setResourceClasses(Service.class, Users.class);
>>> sf.setResourceProvider(Service.class, new SingletonResourceProvider(new ServiceImpl(env)));
>>> sf.setResourceProvider(Users.class, new SingletonResourceProvider(new Users(env)));
>>>
>>> sf.setAddress(address);
>>> Server server = sf.create();
>>>
>>> I added
>>>
>>> Factory<SecurityManager> shiro = new IniSecurityManagerFactory("classpath:shiro.ini");
>>> SecurityUtils.setSecurityManager(securityManager);
>>> to configure shiro
>>>
>>> My shiro.ini is now very simple.
>>>
>>> [main]
>>>
>>> # ------------------------
>>> # Database
>>>
>>> # Own Realm
>>> jdbcRealm = service.nexdata.SecurityRealm
>>>
>>> # Sha256
>>> sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
>>> # base64 encoding, not hex in this example:
>>> sha256Matcher.storedCredentialsHexEncoded = false
>>> sha256Matcher.hashIterations = 1024
>>>
>>> jdbcRealm.credentialsMatcher = $sha256Matcher
>>>
>>>
>>> [urls]
>>>
>>> /users/** = authcBasic
>>>
>>>
>>> and the SecurityRealm implements JdbcRealm and specializes it with my
>>> user db and works well, I tested it.
>>>
>>> Service and Users are two rest apis and I have a status method for
>>> development
>>>
>>> @CrossOriginResourceSharing(allowAllOrigins = true, maxAge = 100000,
>>>     allowHeaders = {"X-custom-1", "X-custom-2"},
>>>     exposeHeaders = {"X-custom-3", "X-custom-4"})
>>> @Path("/service")
>>> public abstract class CvService {
>>>     ...
>>>
>>>     @GET
>>>     @Path("/status/")
>>>     public abstract Response status(); // returns if the service is up and running
>>> }
>>>
>>>
>>>
>>> @CrossOriginResourceSharing(allowAllOrigins = true, maxAge = 300,
>>>     allowHeaders = {"X-custom-1", "X-custom-2"},
>>>     exposeHeaders = {"X-custom-3", "X-custom-4"})
>>> @Path("/users")
>>> public abstract class Users {
>>>
>>>     @GET
>>>     @Path("/status/")
>>>     public abstract Response status();
>>> }
>>>
>>> implemented by
>>> public Response status()
>>> {
>>>     Subject currentUser = SecurityUtils.getSubject();
>>>     boolean auth = currentUser.isAuthenticated();
>>>     if (auth)
>>>         return Response.status(Status.OK).entity("User Service up and running!").build();
>>>     else
>>>         return Response.status(Status.OK).entity("User authentication needed!").build();
>>> }
>>>
>>> Shiro seems to work quite well if I do explicit login and logout, but
>>> the authBasic filter doesn't seem to work.
>>>
>>> I tested it with the chrome extension Advanced Rest Client and putting
>>> some breakpoints in BasicHttpAuthenticationFilter and the filter is
>>> completely ignored.
>>>
>>> I have the feeling that shiro.ini is not enough in this case and I must
>>> explicitly tell the jaxrs server to use shiro filter first but I don't know
>>> how.
>>>
>>> Is it right? Could you help me, please?
>>> Thank you in advance,
>>>
>>>
>>> Lisa
>>>
>>>
>>>
>>
>
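
The wiring described in the reply at the top of this thread, as an added example that is not code from the thread or from the Shiro or Jetty projects. It assumes Jetty 9.x with the javax.servlet API, shiro-web 1.x and the poster's shiro.ini on the classpath; the class name, port 8080 and the DefaultServlet placeholder (standing in for the JAX-RS servlet) are assumptions.

```java
import java.util.EnumSet;
import javax.servlet.DispatcherType;

import org.apache.shiro.web.env.EnvironmentLoaderListener;
import org.apache.shiro.web.servlet.ShiroFilter;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;

// Hypothetical main class: programmatic equivalent of the web.xml entries
// shown in the Shiro web documentation.
public class EmbeddedShiroJetty {

    static ServletContextHandler buildContext() {
        ServletContextHandler context =
                new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");

        // <context-param>: where Shiro's web environment loads its INI from.
        context.setInitParameter("shiroConfigLocations", "classpath:shiro.ini");

        // <listener>: builds the WebEnvironment and its web SecurityManager at
        // startup, which is what turns the [urls] section into filter chains.
        context.addEventListener(new EnvironmentLoaderListener());

        // <filter> + <filter-mapping>: every dispatch goes through Shiro first,
        // so no endpoint is reachable without passing its chain.
        context.addFilter(ShiroFilter.class, "/*",
                EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD,
                           DispatcherType.INCLUDE, DispatcherType.ERROR));

        // Placeholder endpoint (assumption): register the servlet that hosts
        // the JAX-RS resources here instead of DefaultServlet.
        context.addServlet(DefaultServlet.class, "/");
        return context;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // port is an assumption
        server.setHandler(buildContext());
        server.start();
        server.join();
    }
}
```

The `[urls]` section is read only by Shiro's web environment, not by `IniSecurityManagerFactory`, so the `/users/** = authcBasic` rule takes effect only when requests pass through `ShiroFilter` as wired here.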
