Alright, well I guess I have a better understanding of how cxf is integrating with Jetty now. The servlet API doesn't appear to be involved at all. There's a jetty handler that directly invokes the CXF code. That's going to be a problem since the only built-in authentication filters that shiro provides are based on the servlet API. I've been toying with the idea of doing a native JAX-RS filter but I haven't done anything with it yet.
If this is definitely how the jetty cxf integration needs to work in your project, then you're going to need to write your own filters. Sorry I couldn't be of more help. On Sun, Aug 30, 2015 at 1:20 PM, aidaverdi800 <[email protected]> wrote: > Oh sorry! There is no need to call the serverconfig.xml in this case, it > manages other things. If you get the repo again it should be working. > > Lisa > > On Sun, Aug 30, 2015 at 7:44 PM, Jared Bunting < > [email protected]> wrote: > >> Cool. I think it's missing a ServerConfig.xml. >> >> org.springframework.context.ApplicationContextException: Failed to load >> configuration ServerConfig.xml >> at >> org.apache.cxf.bus.spring.BusApplicationContext.getConfigResources(BusApplicationContext.java:202) >> at >> org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:121) >> at >> org.apache.cxf.bus.spring.BusApplicationContext.loadBeanDefinitions(BusApplicationContext.java:322) >> at >> org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131) >> at >> org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527) >> at >> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441) >> at >> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:107) >> at >> org.apache.cxf.bus.spring.BusApplicationContext$1.run(BusApplicationContext.java:105) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> org.apache.cxf.bus.spring.BusApplicationContext.<init>(BusApplicationContext.java:105) >> at >> org.apache.cxf.bus.spring.SpringBusFactory.createApplicationContext(SpringBusFactory.java:157) >> at >> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:148) >> at >> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:124) >> at >> org.apache.cxf.bus.spring.SpringBusFactory.createBus(SpringBusFactory.java:94) >> at cxfshiro.Main.main(Main.java:37) >> >> On Sun, Aug 30, 2015 at 9:36 AM, aidaverdi800 <[email protected]> >> wrote: >> >>> Thank you! >>> I added a quick mini project with the issue here >>> https://github.com/lisaziri/shiro-cxf-example >>> Thanks again, >>> >>> Lisa >>> >>> On Sun, Aug 30, 2015 at 3:09 AM, Jared Bunting < >>> [email protected]> wrote: >>> >>>> If you have a bit more of a project demonstrating the issue I can take >>>> a look. Our core product runs jetty embedded, with jersey and Shiro. I >>>> can't imagine that cxf would be so different that it wouldn't work. >>>> On Aug 29, 2015 7:34 PM, "aidaverdi800" <[email protected]> wrote: >>>> >>>>> I'm back again, I really cannot figure out how to make work shiro in >>>>> my environment. >>>>> It seems that there isn't a way to add shiro filter in cxf with jetty >>>>> embedded and no web.xml. I was thinking of doing a new cxf interceptor >>>>> calling shiro classes but then I will lose the simplicity of shiro >>>>> configuration. >>>>> >>>>> I tried also to add this code to convert cxf server to jetty server >>>>> and add the filter as suggested, but if I don't add the shiro filter >>>>> everything works and I can call my url. If I add the context handler the >>>>> new servlet doesn't point to the rest resources, so the result of >>>>> accessing >>>>> the urls with shiro is "Error 404 Not Found". I'm a beginner in cxf too so >>>>> understanding what is going on is tricky. >>>>> >>>>> // old code >>>>> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean(); >>>>> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider(); >>>>> ObjectMapper m = new ObjectMapper(); >>>>> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true); >>>>> >>>>> jackson.setMapper(m); >>>>> CrossOriginResourceSharingFilter cors = new >>>>> CrossOriginResourceSharingFilter(); >>>>> sf.setProviders( Arrays.< Object >asList(cors, jackson ) ); >>>>> sf.setResourceProvider(CvService.class, new >>>>> SingletonResourceProvider(new Curricula(env))); >>>>> System.out.println("webservice published on "+address); >>>>> sf.setAddress(address); >>>>> >>>>> ì >>>>> Server cxfServer = sf.create(); >>>>> >>>>> // new code >>>>> Destination dest = cxfServer.getDestination(); >>>>> JettyHTTPDestination jettyDestination = >>>>> JettyHTTPDestination.class.cast(dest); >>>>> ServerEngine engine = jettyDestination.getEngine(); >>>>> JettyHTTPServerEngine serverEngine = >>>>> JettyHTTPServerEngine.class.cast(engine); >>>>> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer(); >>>>> >>>>> >>>>> // Had to start the server to get the Jetty Server instance. >>>>> // Have to stop it to add the custom Jetty handler. >>>>> httpServer.stop(); >>>>> httpServer.join(); >>>>> >>>>> >>>>> CXFNonSpringJaxrsServlet jaxrsServlet = new >>>>> CXFNonSpringJaxrsServlet(); >>>>> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet); >>>>> ServletContextHandler context=new >>>>> ServletContextHandler(ServletContextHandler.SECURITY); >>>>> context.addServlet(servletHolder, "/*"); context.setContextPath("/"); >>>>> >>>>> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini"); >>>>> context.addEventListener(new EnvironmentLoaderListener()); >>>>> FilterHolder filterHolder = new FilterHolder(); >>>>> filterHolder.setFilter(new ShiroFilter()); >>>>> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class); >>>>> context.addFilter(filterHolder, "/*", types); >>>>> >>>>> httpServer.setHandler(context); >>>>> >>>>> httpServer.start(); >>>>> httpServer.join(); >>>>> >>>>> Could anyone that has ecountered similar problem give me a suggestion >>>>> for the best direction to analyse? I would like to use shiro better than >>>>> cxf security but it seems really complicated in my case. Is the cxf >>>>> interceptor the way to go? >>>>> >>>>> Lisa >>>>> >>>>> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <[email protected] >>>>> > wrote: >>>>> >>>>>> Just on a side-note, >>>>>> /users/** = authcBasic >>>>>> leaves your user-password as plain-text and therefor totally >>>>>> vulnerable to >>>>>> eavesdropping. >>>>>> In production environments I suggest you change that line to >>>>>> /users/** = ssl[insert your port number here], authcBasic >>>>>> for instance my server >>>>>> /users/** = ssl[8443], authcBasic >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> View this message in context: >>>>>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html >>>>>> Sent from the Shiro User mailing list archive at Nabble.com. >>>>>> >>>>> >>>>> >>> >> >
