Hi.
Thanks for the hints.
I think my first approach wasn't too wrong, but it's still something
missing there... I set up a ServletContextHandler and configured it
according to the web.xml file in the example, and I let my RequestHandler
extend HandlerWrapper instead of AbstractHandler (don't really know if
tthat's the right approach...):
/* handlers */
ServletContextHandler context = new ServletContextHandler();
context.setInitParameter("shiroConfigLocations", "classpath:shiro.ini");
context.addEventListener(new EnvironmentLoaderListener());
context.addFilter(ShiroFilter.class, "/*", EnumSet.of(REQUEST,
FORWARD, INCLUDE, ERROR, ASYNC));
GzipHandler gzip = new GzipHandler();
gzip.setIncludedMimeTypes("text/html", "text/plain", "application/json");
RequestHandler requestHandler = new RequestHandler(this.gson, this.tractDB);
context.insertHandler(requestHandler);
context.setGzipHandler(gzip);
this.server.setHandler(context);
But it seems to work now ---- What i found was that I initialized the
shiro.ini file in the main method. I somehow missed that, banging my head
at the table right now :).
thank you.
Am Fr., 13. Mai 2022 um 07:53 Uhr schrieb Benjamin Marwell <
[email protected]>:
> Hi!
>
> I think you need to init an environment and make it available
> throughout all of the requests.
> Look at this section:
> https://shiro.apache.org/web.html#shiro_1_2_and_later
> Especially the part "what it does": "(... including the
> SecurityManager) and makes it accessible in the ServletContext.
>
> You can take a look at the class
> "org.apache.shiro.web.env.EnvironmentLoaderListener" to see what it
> looks like.
>
> Once set up, you should be able to access your WebSecurityManager in
> any way you described.
>
> Am Fr., 13. Mai 2022 um 06:20 Uhr schrieb Lenny Primak <
> [email protected]>:
> >
> > Have you looked at the Shiro web tutorial?
> > The examples there should work just fine.
> >
> >
> > On May 12, 2022, at 8:28 PM, Josef Gosch <[email protected]> wrote:
> >
> > My authentication realm is set up correctly, I can authenticate through
> an endpoint inside the RequestHandler. I can save the session cookie
> manually, but I can't find a way for the SecurityManager or
> WebSessionManager to intercept it.
> >
> > Josef Gosch <[email protected]> schrieb am Fr., 13. Mai 2022, 03:01:
> >>
> >> Hello.
> >>
> >> I have some troubles implementing Shiro in a distributed environment.
> >> Clients/Server are communicating through a HTTP based Protocol provided
> by Jetty on the server side. The client side is set up to store and reply
> cookies.
> >>
> >> I played around with different approaches but nothing seems to fit. I
> tried creating a ServletContextHandler and adding the Filters there, but I
> have no clue how to combine it with my RequestHandler. I also don't find
> much help online on this subject. Maybe someone here could give me a hint?
> >>
> >> It's basically made up of 2 Classes:
> >>
> >> public final class WebServer extends AbstractIdleService {
> >>
> >> // ~ Static fields
> ---------------------------------------------------------------------------------------------
> >>
> >> private static final Logger L =
> LoggerFactory.getLogger(WebServer.class);
> >>
> >> // ~ Instance fields
> -------------------------------------------------------------------------------------------
> >>
> >> private final int port;
> >> private final Server server;
> >> private final TractDB tractDB;
> >> private final Gson gson;
> >>
> >> // ~ Constructors
> ----------------------------------------------------------------------------------------------
> >>
> >> public WebServer(final TractDB tractDB, final int port, final Gson
> gson) {
> >> this.tractDB = tractDB;
> >> this.port = port;
> >> this.gson = gson;
> >> this.server = new Server();
> >> }
> >>
> >> // ~ Methods
> ---------------------------------------------------------------------------------------------------
> >>
> >> @Override
> >> protected void startUp() throws Exception {
> >>
> >> SslContextFactory sslContextFactory = new SslContextFactory();
> >>
> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore"));
> >>
> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD);
> >> sslContextFactory.setProtocol("TLSv1.2");
> >>
> >> SslConnectionFactory ssl = new
> SslConnectionFactory(sslContextFactory, "http/1.1");
> >> HttpConnectionFactory http = new HttpConnectionFactory(new
> HttpConfiguration());
> >>
> >>
> >> /* connectors */
> >> ServerConnector sslConnector = new ServerConnector(this.server,
> ssl, http);
> >> sslConnector.setPort(this.port);
> >> this.server.addConnector(sslConnector);
> >>
> >> /* handlers */
> >>
> >> GzipHandler gzip = new GzipHandler();
> >> RequestHandler requestHandler = new RequestHandler(this.gson,
> this.tractDB);
> >>
> >> gzip.setIncludedMimeTypes("text/html", "text/plain",
> "application/json");
> >>
> >> gzip.setHandler(requestHandler);
> >>
> >> this.server.setHandler(gzip);
> >>
> >> this.server.start();
> >> }
> >>
> >> @Override
> >> protected void shutDown() throws Exception {
> >> L.info("shutting down web-server");
> >> this.server.stop();
> >> }
> >> }
> >>
> >>
> ---------------------------------------------------------------------------------------------
> >>
> >>
> ---------------------------------------------------------------------------------------------
> >>
> >> public final class RequestHandler extends AbstractHandler {
> >>
> >> // ~ Static fields
> ---------------------------------------------------------------------------------------------
> >>
> >> private static final Logger L =
> LoggerFactory.getLogger(RequestHandler.class);
> >>
> >> // ~ Instance fields
> -------------------------------------------------------------------------------------------
> >>
> >> // ...
> >>
> >> // ~ Constructors
> ----------------------------------------------------------------------------------------------
> >>
> >> public RequestHandler(final Gson gson, final TractDB tractDB) {
> >> // ...
> >> }
> >>
> >> // ~ Methods
> ---------------------------------------------------------------------------------------------------
> >>
> >> @Override
> >> public void handle(final String target, final Request baseRequest,
> final HttpServletRequest request, final HttpServletResponse response)
> throws IOException, ServletException {
> >> L.debug("{} '{}'", request.getMethod(), target);
> >>
> >> try {
> >>
> >> /* default result: not found */
> >> HandlerResult handlerResult =
> JsonResult.notFound(this.gson);
> >>
> >> /* ... Handlers will be dispatched here ... */
> >>
> >> handlerResult.writeTo(response);
> >>
> >> } catch (RuntimeException e) {
> >> L.error(e.getMessage(), e);
> >> response.reset();
> >>
> >> JsonResult.internalServerError(this.gson)
> >> .writeTo(response);
> >> }
> >>
> >> baseRequest.setHandled(true);
> >> }
> >> }
> >
> >
>
