Hi there, and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...
https://shiro.apache.org/java-annotations.html >From "integrations" page https://shiro.apache.org/integration.html For Jersey, it enlists this https://github.com/silb/shiro-jersey Thanks, T On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[email protected]> wrote: > I'm using jersey. > > shiro version is 1.2.3. > > > Thanks, > > Jared, (韦煜) > Software developer > Interested in open source software, big data, Linux > ------------------------------ > *From:* Laszlo Hornyak <[email protected]> > *Sent:* Sunday, June 4, 2017 1:41:51 AM > *To:* [email protected] > *Subject:* Re: annotations doesn't take effect, please help to have a look > > Hi Yu, > > What version of shiro do you use? Are you using the rest resources with > spring? > > Best regards, > Laszlo > > On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[email protected]> wrote: > >> Hi guys, >> >> I tried to use annotations for authentication/authorization. However, it >> doesn't work as expected. >> >> Below is shiro.ini, >> >> [main] >> >> # basic authentication >> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter >> >> # password matcher >> pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher >> pwService = org.apache.shiro.authc.credential.DefaultPasswordService >> pwMatcher.passwordService = $pwService >> >> # data source configuration, using JndiObjectFactory to look up the >> attributes >> datasrc = org.apache.shiro.jndi.JndiObjectFactory >> datasrc.requiredType = javax.sql.DataSource >> datasrc.resourceName = mysql/ustudy >> datasrc.resourceRef = true >> >> realm = org.apache.shiro.realm.jdbc.JdbcRealm >> realm.permissionsLookupEnabled = true >> realm.dataSource = $datasrc >> realm.authenticationQuery = select usr_passwd from sec_users where >> loginname = ? >> realm.credentialsMatcher = $pwMatcher >> >> securityManager.realms = $realm >> >> [users] >> >> [roles] >> >> [urls] >> /services/info/list/** = authc, roles[admin] >> /services/info/add/** = authcBasic, roles[admin] >> /services/info/update/** = authcBasic, roles[admin] >> /services/info/delete/** = authcBasic, roles[admin] >> >> In servlet app, one method handle http request is as following, >> >> @GET >> @RequiresAuthentication >> @RequiresPermissions("list:view") >> @Path("list/{type}/{id}") >> @Produces(MediaType.APPLICATION_JSON) >> public Response getList() >> >> >> It seems that @RequiresAuthentication and >> @RequiresPermissions("list:view") do not take effect. >> >> >> Do I misunderstand anything? Or any error in my code? >> >> >> >> Thanks, >> >> Jared, (韦煜) >> Software developer >> Interested in open source software, big data, Linux >> > > > > -- > > EOF > -- Thanks, ~t~
