I also noticed that jersey is not officially supported. Currently I have a web service written with jersey, and need to secure it.
However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3. I'm looking for other solutions. Any advice? Thanks, Jared, (韦煜) Software developer Interested in open source software, big data, Linux ________________________________ From: Tamás Cservenák <[email protected]> Sent: Sunday, June 4, 2017 2:06:51 AM To: [email protected] Subject: Re: annotations doesn't take effect, please help to have a look Hi there, and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing... https://shiro.apache.org/java-annotations.html From "integrations" page https://shiro.apache.org/integration.html For Jersey, it enlists this https://github.com/silb/shiro-jersey Thanks, T On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[email protected]<mailto:[email protected]>> wrote: I'm using jersey. shiro version is 1.2.3. Thanks, Jared, (韦煜) Software developer Interested in open source software, big data, Linux ________________________________ From: Laszlo Hornyak <[email protected]<mailto:[email protected]>> Sent: Sunday, June 4, 2017 1:41:51 AM To: [email protected]<mailto:[email protected]> Subject: Re: annotations doesn't take effect, please help to have a look Hi Yu, What version of shiro do you use? Are you using the rest resources with spring? Best regards, Laszlo On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[email protected]<mailto:[email protected]>> wrote: Hi guys, I tried to use annotations for authentication/authorization. However, it doesn't work as expected. Below is shiro.ini, [main] # basic authentication authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter # password matcher pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher pwService = org.apache.shiro.authc.credential.DefaultPasswordService pwMatcher.passwordService = $pwService # data source configuration, using JndiObjectFactory to look up the attributes datasrc = org.apache.shiro.jndi.JndiObjectFactory datasrc.requiredType = javax.sql.DataSource datasrc.resourceName = mysql/ustudy datasrc.resourceRef = true realm = org.apache.shiro.realm.jdbc.JdbcRealm realm.permissionsLookupEnabled = true realm.dataSource = $datasrc realm.authenticationQuery = select usr_passwd from sec_users where loginname = ? realm.credentialsMatcher = $pwMatcher securityManager.realms = $realm [users] [roles] [urls] /services/info/list/** = authc, roles[admin] /services/info/add/** = authcBasic, roles[admin] /services/info/update/** = authcBasic, roles[admin] /services/info/delete/** = authcBasic, roles[admin] In servlet app, one method handle http request is as following, @GET @RequiresAuthentication @RequiresPermissions("list:view") @Path("list/{type}/{id}") @Produces(MediaType.APPLICATION_JSON) public Response getList() It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect. Do I misunderstand anything? Or any error in my code? Thanks, Jared, (韦煜) Software developer Interested in open source software, big data, Linux -- EOF -- Thanks, ~t~
