I guess what is more suitable for you is JASIG CAS.
https://wiki.jasig.org/display/CAS/Home
Give it a spin.

On Fri, Apr 21, 2017 at 1:58 AM, Brian Demers <[email protected]> wrote:

> I think Apache Aurora uses both Shiro and Thrift, you may want to take a
> look and see what they do in their code base.
>
> On Thu, Apr 20, 2017 at 4:25 PM, Mario Emmenlauer <[email protected]> wrote:
>
>> Dear Brian,
>>
>> thanks a lot for this quick response, I'll check out the spring-mvc!
>>
>> Admittedly, I'm a bit oblivious to most of Java's web technologies. I'm
>> implementing a "plain" Java 8 Server with a multi-threaded Apache Thrift
>> API. Clients are typically C++ and sometimes Java. My idea is:
>> - client calls RPC method for login with Username, Password
>> - server returns SessionID to client
>> - client may use API with SessionID for X time (even after disconnect),
>>   so every API method validates SessionID before any action
>>
>> Currently I do this with a simple thread-safe Set<String> on the Server
>> to store session IDs, and libsodium for the password encryption. But
>> Shiro seems more suitable, and LDAP and CROWD authentication would be
>> great to have.
>>
>> All the best,
>>
>> Mario
>>
>> On 20.04.2017 22:15, Brian Demers wrote:
>> > Hey Mario,
>> >
>> > The typical use case is a web server (though not limited to this). An
>> > RPC app can fit into this category.
>> > This example uses Spring remoting:
>> > https://github.com/apache/shiro/tree/master/samples/spring-mvc
>> >
>> > The getSubject() method will return the subject bound to the current
>> > thread. So if your application is not using HTTP, you would just need
>> > to bind a new subject to your handling thread.
>> >
>> > Can you give a few more details on your stack, and we might be able to
>> > point you in the right direction.
>> >
>> > -Brian
>> >
>> > On Thu, Apr 20, 2017 at 4:05 PM, Mario Emmenlauer <[email protected]> wrote:
>> >
>> > Dear All,
>> >
>> > is Shiro good to be used for a server application? From the tutorial
>> > and documentation I found that a general concept is the "current user":
>> >     Subject currentUser = SecurityUtils.getSubject();
>> >
>> > But in my Java server application, I'd like to work with remote users
>> > from a C++ app (via RPC). The remote users send credentials via SSL RPC,
>> > and receive a session token. The server side authentication is not based
>> > on currentUser, but on the username/password. Am I understanding correctly
>> > that this is not the "typical" use case for Shiro? Is Shiro even a good
>> > match for this use case? How to generate a Subject and session token?
>> >
>> > Awesome software, by the way! :-)
>> >
>> > Thanks and all the best,
>> >
>> > Mario
>>
>> Best regards,
>>
>> Mario Emmenlauer
>>
>> --
>> BioDataAnalysis GmbH, Mario Emmenlauer      Office tel.: +49-89-74677203
>> Balanstr. 43                   mailto: memmenlauer * biodataanalysis.de
>> D-81669 München                          http://www.biodataanalysis.de/
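
The flow discussed in this thread (login RPC returns a session ID, every later RPC validates it, and the Subject is bound to the handling thread) as an added example that is not part of the original messages and is not code from Shiro or Aurora. It assumes Shiro 1.x on the classpath with its default native session manager; the class RpcSessionSketch, its methods login and call, the 30-minute timeout and the sample account are hypothetical, and SimpleAccountRealm stands in for an LDAP or Crowd realm.

```java
import java.util.concurrent.Callable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

// Added sketch, not code from the thread. Class and method names are hypothetical.
public class RpcSessionSketch {
    private final SecurityManager securityManager;

    RpcSessionSketch(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    // Login RPC: authenticate, then hand the Shiro session id to the client.
    // Throws AuthenticationException (unchecked) on bad credentials.
    String login(String user, char[] password) {
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        Session session = subject.getSession();
        session.setTimeout(30 * 60 * 1000L); // idle timeout; 30 minutes is an assumed value
        return session.getId().toString();
    }

    // Every other RPC: rebuild the Subject from the session id and run the handler
    // with it bound to the worker thread, so SecurityUtils.getSubject() works inside.
    <T> T call(String sessionId, Callable<T> handler) {
        Subject subject = new Subject.Builder(securityManager)
                .sessionId(sessionId).buildSubject();
        // An unknown or expired id yields an anonymous Subject, not an exception.
        if (!subject.isAuthenticated()) {
            throw new SecurityException("invalid or expired session");
        }
        return subject.execute(handler);
    }

    public static void main(String[] args) {
        SimpleAccountRealm realm = new SimpleAccountRealm(); // stand-in for an LDAP realm
        realm.addAccount("alice", "constructed-password");   // constructed sample account
        RpcSessionSketch server = new RpcSessionSketch(new DefaultSecurityManager(realm));
        String token = server.login("alice", "constructed-password".toCharArray());
        String who = server.call(token, () -> SecurityUtils.getSubject().getPrincipal().toString());
        System.out.println("handler ran as " + who);
    }
}
```

The session ID acts as a bearer credential here, so it needs the same transport protection as the password, and Subject.execute unbinds the Subject afterwards so pooled Thrift worker threads do not carry one caller's identity into the next call.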
