That was one of the features added to 1.4.0 org.apache.shiro:shiro-jaxrs:1.4.0 It isn't dependent on jersey, it is a portable extension (heavily based on Stig Inge Lea Bjørnsen's work)
On Thu, Dec 21, 2017 at 9:01 AM, Joerg Schoenfisch <[email protected]> wrote: > I just realized that I also need to run some AOP processor in my build... > > I also found the following project which works nicely for Jersey > applications, maybe something like this can be directly included in the > ShiroFilter: https://github.com/silb/shiro-jersey > > > Best > > > > Am 21.12.2017 um 14:13 schrieb Joerg Schoenfisch <[email protected]>: > > > > Hi all, > > > > I'm trying to use Shiro to secure a Jersey application. However, the > @RequiresAuthentication and @RequiresUser annotations seem to be simply > ignored. > > I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no > other filters are defined. Login and session handling work fine. But when I > call a method that uses those annotations, it is not checked whether the > subject is authenticated. The method is called although > SecurityUtils.getSubject().isAuthenticated() == false. > > Basically my setup is similar to here: https://stackoverflow.com/ > questions/47548066/requiresroles-annotation-not-working-in-shiro > > I'm just using Shiro 1.4 > > > > Am I missing an essential part of the configuration? > > > > > > Best, > > Joerg > >
