It sounds like you have nested calls of annotated methods? The initial RMI
call to
myServiceA.securedMethod1() ->
myServiceB.securedMethod2()
It sounds like you could just use a subject.execute() from the initial RMI
service method. This is similar to how the the Shiro Web filters work. Any
following calls to get the subject will have access to the currently bound
one.
Does this help?
On Wed, Feb 1, 2017 at 1:53 AM, yoann159 <[email protected]>
wrote:
> Hi,
>
>
>
> Yes around is the best solution.
>
>
>
> I will try to clarify the part you did not understand:
>
> With the AspectJ around I catch all method execution (and call if I
> configure that also) annotated with @RequireRoles/Permissions/etc (could of
> course only change the pointcut to intercept only when annotations are
> within a class that implements my interface Service), so I need to add in
> the thread context the first time it reaches one of these methods a Boolean
> to know if the subject was already got from a service class (RMI endpoint
> clients call) (or from another context I might do later), if it is True
> then only proceed is called and I do not rebind the subject with execute().
>
> If I was rebinding the subject would be removed from current
> context/thread and any call to another method annotated with
> @RequireRoles/Permissions/etc would throw an exception if not in a service
> class and also I could also try to get the subject within a method later on
> (outside a service class) and I would receive an empty Subject.
>
>
>
> Hope I was clear enough on that point.
>
>
>
> Now I am including Spring in my project because it adds many features that
> I require, @transactional, @Cacheable and simple integration with JOOQ.
>
>
>
> From: Brian Demers [via Shiro User] [mailto:ml-node+
> [email protected]]
> Sent: 2017年1月31日 1:53
> To: yoann159
> Subject: Re: How to make RMI work with Apache Shiro
>
>
>
> I'm not sure i understand this part, the solution you proposed on
> stackoverflow seems like your best bet, use an 'around' and
> subject.execute(). This will allow any other shiro call to function, and
> unbind the thread when complete. Feel free to answer respond back on stack
> overflow
>
>
>
> I tried to intercept Shiro annotations with Before and Around advice with
>
> AspectJ, it works and I can do what I wanted (see link to stackoverflow for
>
> code). Around advice is the good solution, it set and unset the Subject,
>
> what I did not show in my code is that we need to store in the thread
>
> context one more info that we are already in an intercepted call so we do
>
> not need to get the Subject from the Service otherwise it would remove the
>
> subject in nested calls.
>
>
>
> http://stackoverflow.com/questions/41849439/apache-
> shiro-annotation-aop-and-rmi
>
>
>
> On Mon, Jan 30, 2017 at 5:35 AM, yoann159 <[hidden email]> wrote:
>
> Hi,
>
>
>
> So far I decided to use RMI, JUnit 5, Mockito, Guava, JOOQ, AspectJ, Apache
> IO/imaging/Configuration/Net for my project and Apache Shiro (but why not
> use Spring Security? See later explication).
>
>
>
> My application is a standalone app, for desktop. A server app, a client app
> and GUI made with JavaFx.
>
>
>
> I tried to intercept Shiro annotations with Before and Around advice with
> AspectJ, it works and I can do what I wanted (see link to stackoverflow for
> code). Around advice is the good solution, it set and unset the Subject,
> what I did not show in my code is that we need to store in the thread
> context one more info that we are already in an intercepted call so we do
> not need to get the Subject from the Service otherwise it would remove the
> subject in nested calls.
>
>
>
> I know I am going to need to do caching, transactions, metrics for my app
> therefore I started to look for Spring Boot to not code everything ->
> @Transactional, @Cacheable, @Count, etc.
>
> So far I came with different dependencies: Spring boot 2.0.0, Spring
> Security, Spring AOP and AspectJ, Spring Cache, Spring Mail, Spring JOOQ/
> Spring H2 (for tests and dev)/ Spring MySQL driver, Spring Actuator (and
> above framework except Apache Shiro).
>
> So maybe if I use Spring security I do not need Apache Shiro but now I need
> to see how to configure Spring Security with AspectJ.
>
>
>
> If you know what I said above, do you see any incoherence in the different
> technologies I decided to use. All of the one (from Spring) I quoted are
> standalone compatible (not only for web)?
>
>
>
> I suggest we could continue on
> http://stackoverflow.com/questions/41849439/apache-
> shiro-annotation-aop-and-
> rmi as it would reach more people searching on stackoverflow.
>
>
>
> Thank you.
>
>
>
> From: Brian Demers [via Shiro User]
> [mailto:[hidden email]]
> Sent: 2017年1月26日 22:49
> To: yoann159
> Subject: Re: How to make RMI work with Apache Shiro
>
>
>
> I'm not sure I'm fully following anymore, lets take a step back, tell us
> about your stack. And we can point you in the right direction. (there are a
> few ways to process the Shiro annotations, Spring, Guice, JAX-RS, aop, (and
> CDI on a branch).
>
>
>
> Take a look at this as well:
> https://shiro.apache.org/subject.html#thread-association
>
>
>
>
> On Wed, Jan 25, 2017 at 10:47 PM, yoann159 <[hidden email]> wrote:
>
> Hi,
>
>
>
> I tried the aspect example (
> <<a href="https://github.com/apache/shiro/tree/master/
> samples/aspectj/src/main/java/o rg/apache/shiro/samples/aspectj/bank <
> https://github.com/apache/shiro/tree/master/samples/
> aspectj/src/main/java/o%20rg/apache/shiro/samples/aspectj/bank> "
> rel="noreferrer" target="_blank">https://github.com/apache/shiro/tree/
> master/samples/aspectj/src/main/java/o
> rg/apache/shiro/samples/aspectj/bank>
> <a href="https://github.com/apache/shiro/tree/master/
> samples/aspectj/src/main/java/or g/apache/shiro/samples/aspectj/bank <
> https://github.com/apache/shiro/tree/master/samples/
> aspectj/src/main/java/or%20g/apache/shiro/samples/aspectj/bank> "
> rel="noreferrer" target="_blank">https://github.com/apache/shiro/tree/
> master/samples/aspectj/src/main/java/or
> g/apache/shiro/samples/aspectj/bank)
>
> It works for the tests but I do not see how I can intercept the
> RequiresPermissions or RequiresRoles or etc to get the jointpoint called,
> get the reference of subject stored in the service instantiated for that
> client and simply call set method to set Subject to current executing
> thread.
>
>
>
> Also <https://github.com/apache/shiro/blob/master/samples/spring-boot/>
> https://github.com/apache/shiro/blob/master/samples/spring-boot/ is good
> simple example but like I said I do not use Spring context, I do desktop
> app
> with a server and clients.
>
>
>
>
>
> Unless it is possible to use Spring without a web context? Spring boot is
> good but it is more like: @GetMapping() @RequestMapping(…)
>
>
>
> I maybe have a solution with:
> pointcut allow():
> execution(@org.apache.shiro.authz.annotation.RequiresPermissions * *(..))
> ||
> execution(@org.apache.shiro.authz.annotation.RequiresRoles * *(..));
>
> With that I can have before advice and do:
>
>
>
> ((Service) thisJoinPoint.getThis()).getSubject();
> ThreadState threadState = new SubjectThreadState(subject);
> threadState.bind();
>
>
>
> Not sure if I need to add a after advice to unbind the threadState but it
> seems to work, and anyway any method will override the current subject.
> What
> would you suggest?
>
>
>
> Thank you.
>
>
>
>
> From: Brian Demers [via Shiro User] [mailto:[hidden email]]
>
> Sent: 2017年1月25日 22:32
> To: yoann159
> Subject: Re: How to make RMI work with Apache Shiro
>
>
>
> Take a look at: https://shiro.apache.org/spring.html#secure-spring-
> remoting
>
>
>
> Most of the Spring samples also include a remoting example:Â
> https://github.com/apache/shiro/tree/master/samples
>
>
>
> There is also an aspectj example
>
>
>
> On Tue, Jan 24, 2017 at 11:24 PM, yoann159 <[hidden email]> wrote:
>
> How to make RMI work with Apache Shiro?
>
> Each calls on a method with @RequireRoles("..") execute on different thread
> shared by multiple clients.
>
> Is there a way to intercept this AOP, set the current Subject for this
> thread (threadLocal), then unset it at the end of the method?
>
> Thank you for your help
>
>
>
> --
> View this message in context:
> <a href="http://shiro-user.582556.n2.nabble.com/How-to-
> make-RMI-work-with-Apache-Shir o-tp7581467.html <
> http://shiro-user.582556.n2.nabble.com/How-to-make-RMI-
> work-with-Apache-Shir%20o-tp7581467.html> " rel="noreferrer"
> target="_blank">http://shiro-user.582556.n2.nabble.com/How-
> to-make-RMI-work-with-Apache-Shir
> o-tp7581467.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
>
>
>
>
> _____
>
> If you reply to this email, your message will be added to the discussion
> below:
>
> <a href="http://shiro-user.582556.n2.nabble.com/How-to-
> make-RMI-work-with-Apache-Shi ro-tp7581467p7581468.html <
> http://shiro-user.582556.n2.nabble.com/How-to-make-RMI-
> work-with-Apache-Shi%20ro-tp7581467p7581468.html> " rel="noreferrer"
> target="_blank">http://shiro-user.582556.n2.nabble.com/How-
> to-make-RMI-work-with-Apache-Shi
> ro-tp7581467p7581468.html
>
> To unsubscribe from How to make RMI work with Apache Shiro, click here
> <<a href="http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=unsub scribe_by_code <http://shiro-user.582556.n2.
> nabble.com/template/NamlServlet.jtp?macro=unsub%20scribe_by_code&node=
> 7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW1zLmNvbXw3NTg>
> &node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW1zLmNvbXw3NTg"
> rel="noreferrer" target="_blank">http://shiro-user.582556.n2.nabble.com/
> template/NamlServlet.jtp?macro=unsub
> scribe_by_code&node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW
> 1zLmNvbXw3NTg
> xNDY3fDYzMDk5NjIyOQ==> .
>
> <http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=macro
> _viewer
>
> <<a href="http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=macro _viewer <http://shiro-user.582556.n2.
> nabble.com/template/NamlServlet.jtp?macro=macro%
> 20_viewer&id=instant_html%21nabble%3Aemail.naml&
> base=nabble.naml.namespaces.Ba%20sicNamespace-nabble.view.
> web.template.NabbleNamespace-nabble.view.web.templa%20te.
> NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
> 3Aemail.naml-instan%20t_emails%21nabble%3Aemail.naml-
> send_instant_email%21nabble%3Aemail.naml> &id=instant_html%21nabble%
> 3Aemail.naml&base=nabble.naml.namespaces.Ba
> sicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.templa
> te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instan
> t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml"
> rel="noreferrer" target="_blank">http://shiro-user.582556.n2.nabble.com/
> template/NamlServlet.jtp?macro=macro
> _viewer&id=instant_html%21nabble%3Aemail.naml&base=nab
> ble.naml.namespaces.Ba
> sicNamespace-nabble.view.web.template.NabbleNamespace-
> nabble.view.web.templa
> te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
> 3Aemail.naml-instan
> t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
> &id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.
> namespaces.BasicName
> space-nabble.view.web.template.NabbleNamespace-
> nabble.view.web.template.Node
> Namespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.
> naml-instant_email
> s%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML
>
>
>
>
>
> --
> View this message in context:
> <a href="http://shiro-user.582556.n2.nabble.com/How-to-
> make-RMI-work-with-Apache-Shir o-tp7581467p7581473.html <
> http://shiro-user.582556.n2.nabble.com/How-to-make-RMI-
> work-with-Apache-Shir%20o-tp7581467p7581473.html> " rel="noreferrer"
> target="_blank">http://shiro-user.582556.n2.nabble.com/How-
> to-make-RMI-work-with-Apache-Shir
> o-tp7581467p7581473.html
>
> Sent from the Shiro User mailing list archive at Nabble.com.
>
>
>
>
>
> _____
>
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://shiro-user.582556.n2.nabble.com/How-to-make-RMI-
> work-with-Apache-Shi
> ro-tp7581467p7581474.html
>
> To unsubscribe from How to make RMI work with Apache Shiro, click here
> <<a href="http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=unsub scribe_by_code <http://shiro-user.582556.n2.
> nabble.com/template/NamlServlet.jtp?macro=unsub%20scribe_by_code&node=
> 7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW1zLmNvbXw3NTg>
> &node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW1zLmNvbXw3NTg"
> rel="noreferrer" target="_blank">http://shiro-user.582556.n2.nabble.com/
> template/NamlServlet.jtp?macro=unsub
> scribe_by_code&node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW
> 1zLmNvbXw3NTg
> xNDY3fDYzMDk5NjIyOQ==> .
>
> <<a href="http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=macro _viewer <http://shiro-user.582556.n2.
> nabble.com/template/NamlServlet.jtp?macro=macro%
> 20_viewer&id=instant_html%21nabble%3Aemail.naml&
> base=nabble.naml.namespaces.Ba%20sicNamespace-nabble.view.
> web.template.NabbleNamespace-nabble.view.web.templa%20te.
> NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
> 3Aemail.naml-instan%20t_emails%21nabble%3Aemail.naml-
> send_instant_email%21nabble%3Aemail.naml> &id=instant_html%21nabble%
> 3Aemail.naml&base=nabble.naml.namespaces.Ba
> sicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.templa
> te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instan
> t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml"
> rel="noreferrer" target="_blank">http://shiro-user.582556.n2.nabble.com/
> template/NamlServlet.jtp?macro=macro
> _viewer&id=instant_html%21nabble%3Aemail.naml&base=nab
> ble.naml.namespaces.Ba
> sicNamespace-nabble.view.web.template.NabbleNamespace-
> nabble.view.web.templa
> te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
> 3Aemail.naml-instan
> t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
> NAML
>
>
>
> winmail.dat (15K) <http://shiro-user.582556.n2.
> nabble.com/attachment/7581479/0/winmail.dat>
>
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.
> nabble.com/How-to-make-RMI-work-with-Apache-Shiro-tp7581467p7581479.html
>
> Sent from the Shiro User mailing list archive at Nabble.com.
>
>
>
>
>
> _____
>
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://shiro-user.582556.n2.nabble.com/How-to-make-RMI-
> work-with-Apache-Shiro-tp7581467p7581480.html
>
> To unsubscribe from How to make RMI work with Apache Shiro, click here <
> http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=
> unsubscribe_by_code&node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW
> 1zLmNvbXw3NTgxNDY3fDYzMDk5NjIyOQ==> .
> <http://shiro-user.582556.n2.nabble.com/template/
> NamlServlet.jtp?macro=macro_viewer&id=instant_html%
> 21nabble%3Aemail.naml&base=nabble.naml.namespaces.
> BasicNamespace-nabble.view.web.template.NabbleNamespace-
> nabble.view.web.template.NodeNamespace&breadcrumbs=
> notify_subscribers%21nabble%3Aemail.naml-instant_emails%
> 21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML
>
>
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.
> nabble.com/How-to-make-RMI-work-with-Apache-Shiro-tp7581467p7581484.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
