I think Apache Aurora uses both Shiro and Thrift, you may want to take a look and see what they do in their code base.
On Thu, Apr 20, 2017 at 4:25 PM, Mario Emmenlauer <[email protected]> wrote:

>
> Dear Brian,
>
> thanks a lot for this quick response, I'll check out the spring-mvc!
>
> Admittedly, I'm a bit oblivious to most of Java's web technologies. I'm
> implementing a "plain" Java 8 Server with a multi-threaded Apache Thrift
> API. Clients are typically C++ and sometimes Java. My idea is:
>  - client calls RPC method for login with Username, Password
>  - server returns SessionID to client
>  - client may use API with SessionID for X time (even after disconnect),
>    so every API method validates SessionID before any action
>
> Currently I do this with a simple thread-safe Set<String> on the Server
> to store session IDs, and libsodium for the password encryption. But
> Shiro seems more suitable, and LDAP and CROWD authentication would be
> great to have.
>
> All the best,
>
>     Mario
>
>
> On 20.04.2017 22:15, Brian Demers wrote:
> > Hey Mario,
> >
> > The typical use case is a web server (though not limited to this). An RPC app
> > can fit into this category.
> > This example uses Spring
> > remoting: https://github.com/apache/shiro/tree/master/samples/spring-mvc
> >
> > The getSubject() method will return the subject bound to the current thread. So
> > if your application is not using HTTP, you would just need to bind a new subject to
> > your handling thread.
> >
> > Can you give a few more details on your stack, and we might be able to point you
> > in the right direction.
> >
> > -Brian
> >
> >
> > On Thu, Apr 20, 2017 at 4:05 PM, Mario Emmenlauer <[email protected]> wrote:
> >
> >
> >     Dear All,
> >
> >     is Shiro good to be used for a server application? From the tutorial
> >     and documentation I found that a general concept is the "current user":
> >         Subject currentUser = SecurityUtils.getSubject();
> >
> >     But in my Java server application, I'd like to work with remote users
> >     from a C++ app (via RPC). The remote users send credentials via SSL RPC,
> >     and receive a session token. The server side authentication is not based
> >     on currentUser, but on the username/password. Am I understanding correctly
> >     that this is not the "typical" use case for Shiro? Is Shiro even a good
> >     match for this use case? How to generate a Subject and session token?
> >
> >     Awesome software, by the way! :-)
> >
> >     Thanks and all the best,
> >
> >         Mario
> >
> > Best regards,
> >     Mario Emmenlauer
>
>
> --
> BioDataAnalysis GmbH, Mario Emmenlauer      Tel. Office: +49-89-74677203
> Balanstr. 43                   mailto: memmenlauer * biodataanalysis.de
> D-81669 München                          http://www.biodataanalysis.de/
>
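
The flow discussed in this thread (login RPC returns a session ID, every later RPC validates it and runs with a Subject bound to the handling thread), as an added example that is not code from any participant or from the Shiro project. It assumes shiro-core 1.x on the classpath; the class name RpcSessionGuard, the 30-minute timeout and the test account are hypothetical.

```java
import java.util.concurrent.Callable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

// Hypothetical helper for a non-HTTP (e.g. Thrift) server; not Shiro's own code.
public class RpcSessionGuard {
    private static final long SESSION_TIMEOUT_MS = 30 * 60 * 1000L; // assumed "X time"
    private final SecurityManager securityManager;

    public RpcSessionGuard(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    // login RPC: authenticate, then return the Shiro session id as the token.
    // Throws AuthenticationException on bad credentials.
    public String login(String username, char[] password) {
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new UsernamePasswordToken(username, password));
        Session session = subject.getSession();
        session.setTimeout(SESSION_TIMEOUT_MS);
        return session.getId().toString();
    }

    // Every other RPC: rebuild the Subject from the token and bind it to the
    // handling thread for the duration of the call.
    public <T> T call(String sessionId, Callable<T> handler) {
        Subject subject = new Subject.Builder(securityManager)
                .sessionId(sessionId).buildSubject();
        if (!subject.isAuthenticated()) { // unknown, expired or logged-out session
            throw new SecurityException("invalid or expired session");
        }
        return subject.execute(handler); // binds on entry, unbinds on exit
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password"); // constructed test account
        RpcSessionGuard guard = new RpcSessionGuard(new DefaultSecurityManager(realm));
        String token = guard.login("alice", "constructed-password".toCharArray());
        // Inside the handler, getSubject() returns the subject bound by call().
        String who = guard.call(token, () -> (String) SecurityUtils.getSubject().getPrincipal());
        System.out.println("authenticated as " + who);
    }
}
```

Swapping SimpleAccountRealm for an LDAP-backed realm changes only the realm passed to DefaultSecurityManager; login() and call() stay the same.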
