Hi guys,
I tried to use annotations for authentication/authorization. However, it
doesn't work as expected.
Below is shiro.ini:

[main]
# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService
# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true
realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher
securityManager.realms = $realm
[users]
[roles]
[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In the servlet app, one method that handles HTTP requests is as follows:

@GET
@RequiresAuthentication
@RequiresPermissions("list:view")
@Path("list/{type}/{id}")
@Produces(MediaType.APPLICATION_JSON)
public Response getList()

It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do
not take effect.
Do I misunderstand anything? Or is there any error in my code?
Thanks,
Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux