Thank you! I added a quick mini project with the issue here https://github.com/lisaziri/shiro-cxf-example Thanks again,
Lisa On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting <[email protected]> wrote: > If you have a bit more of a project demonstrating the issue I can take a > look. Our core product runs jetty embedded, with jersey and Shiro. I can't > imagine that cxf would be so different that it wouldn't work. > On Aug 29, 2015 7:34 PM, "aidaverdi800" <[email protected]> wrote: > >> I'm back again, I really cannot figure out how to make work shiro in my >> environment. >> It seems that there isn't a way to add shiro filter in cxf with jetty >> embedded and no web.xml. I was thinking of doing a new cxf interceptor >> calling shiro classes but then I will lose the simplicity of shiro >> configuration. >> >> I tried also to add this code to convert cxf server to jetty server and >> add the filter as suggested, but if I don't add the shiro filter everything >> works and I can call my url. If I add the context handler the new servlet >> doesn't point to the rest resources, so the result of accessing the urls >> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so >> understanding what is going on is tricky. >> >> // old code >> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean(); >> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider(); >> ObjectMapper m = new ObjectMapper(); >> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true); >> >> jackson.setMapper(m); >> CrossOriginResourceSharingFilter cors = new >> CrossOriginResourceSharingFilter(); >> sf.setProviders( Arrays.< Object >asList(cors, jackson ) ); >> sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new >> Curricula(env))); >> System.out.println("webservice published on "+address); >> sf.setAddress(address); >> >> ì >> Server cxfServer = sf.create(); >> >> // new code >> Destination dest = cxfServer.getDestination(); >> JettyHTTPDestination jettyDestination = >> JettyHTTPDestination.class.cast(dest); >> ServerEngine engine = jettyDestination.getEngine(); >> JettyHTTPServerEngine serverEngine = >> JettyHTTPServerEngine.class.cast(engine); >> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer(); >> >> >> // Had to start the server to get the Jetty Server instance. >> // Have to stop it to add the custom Jetty handler. >> httpServer.stop(); >> httpServer.join(); >> >> >> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet(); >> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet); >> ServletContextHandler context=new >> ServletContextHandler(ServletContextHandler.SECURITY); >> context.addServlet(servletHolder, "/*"); context.setContextPath("/"); >> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini"); >> context.addEventListener(new EnvironmentLoaderListener()); >> FilterHolder filterHolder = new FilterHolder(); >> filterHolder.setFilter(new ShiroFilter()); >> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class); >> context.addFilter(filterHolder, "/*", types); >> >> httpServer.setHandler(context); >> >> httpServer.start(); >> httpServer.join(); >> >> Could anyone that has ecountered similar problem give me a suggestion for >> the best direction to analyse? I would like to use shiro better than cxf >> security but it seems really complicated in my case. Is the cxf interceptor >> the way to go? >> >> Lisa >> >> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <[email protected]> >> wrote: >> >>> Just on a side-note, >>> /users/** = authcBasic >>> leaves your user-password as plain-text and therefor totally vulnerable >>> to >>> eavesdropping. >>> In production environments I suggest you change that line to >>> /users/** = ssl[insert your port number here], authcBasic >>> for instance my server >>> /users/** = ssl[8443], authcBasic >>> >>> >>> >>> -- >>> View this message in context: >>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html >>> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >>
