I've found out that ShiroFilter didn't get triggered on requests. I changed my request handler to extend javax.servlet.http.HttpServlet, now it's working!
Josef Gosch <[email protected]> schrieb am Fr., 13. Mai 2022, 23:49: > Everything looks set up correctly now, I have an IniWebEnvironment in my > servletContext inside the request handler... but now I get the following > exception: > No SecurityManager accessible to the calling code, either bound to the > org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an > invalid application configuration. > > This is a bit awkward, as I can indeed fetch the WebEnvironment through > WebUtils.getRequiredWebEnvironment(request.getServletContext()), and it > contains an instance of DefaultWebSecurityManager. > > I could set it manually with SecurityUtils.setSecurityManager, but as far > as I know by now this would load the SecurityManager in VM context, which > is probably not what I want. > > I don't really understand what is happening here. > > thank you. > > Am Fr., 13. Mai 2022 um 12:21 Uhr schrieb Josef Gosch < > [email protected]>: > >> Hi. >> Thanks for the hints. >> I think my first approach wasn't too wrong, but it's still something >> missing there... I set up a ServletContextHandler and configured it >> according to the web.xml file in the example, and I let my RequestHandler >> extend HandlerWrapper instead of AbstractHandler (don't really know if >> tthat's the right approach...): >> >> /* handlers */ >> ServletContextHandler context = new ServletContextHandler(); >> context.setInitParameter("shiroConfigLocations", "classpath:shiro.ini"); >> context.addEventListener(new EnvironmentLoaderListener()); >> context.addFilter(ShiroFilter.class, "/*", EnumSet.of(REQUEST, FORWARD, >> INCLUDE, ERROR, ASYNC)); >> >> GzipHandler gzip = new GzipHandler(); >> gzip.setIncludedMimeTypes("text/html", "text/plain", "application/json"); >> >> RequestHandler requestHandler = new RequestHandler(this.gson, this.tractDB); >> >> context.insertHandler(requestHandler); >> context.setGzipHandler(gzip); >> >> this.server.setHandler(context); >> >> But it seems to work now ---- What i found was that I initialized the >> shiro.ini file in the main method. I somehow missed that, banging my head >> at the table right now :). >> >> thank you. >> >> Am Fr., 13. Mai 2022 um 07:53 Uhr schrieb Benjamin Marwell < >> [email protected]>: >> >>> Hi! >>> >>> I think you need to init an environment and make it available >>> throughout all of the requests. >>> Look at this section: >>> https://shiro.apache.org/web.html#shiro_1_2_and_later >>> Especially the part "what it does": "(... including the >>> SecurityManager) and makes it accessible in the ServletContext. >>> >>> You can take a look at the class >>> "org.apache.shiro.web.env.EnvironmentLoaderListener" to see what it >>> looks like. >>> >>> Once set up, you should be able to access your WebSecurityManager in >>> any way you described. >>> >>> Am Fr., 13. Mai 2022 um 06:20 Uhr schrieb Lenny Primak < >>> [email protected]>: >>> > >>> > Have you looked at the Shiro web tutorial? >>> > The examples there should work just fine. >>> > >>> > >>> > On May 12, 2022, at 8:28 PM, Josef Gosch <[email protected]> >>> wrote: >>> > >>> > My authentication realm is set up correctly, I can authenticate >>> through an endpoint inside the RequestHandler. I can save the session >>> cookie manually, but I can't find a way for the SecurityManager or >>> WebSessionManager to intercept it. >>> > >>> > Josef Gosch <[email protected]> schrieb am Fr., 13. Mai 2022, >>> 03:01: >>> >> >>> >> Hello. >>> >> >>> >> I have some troubles implementing Shiro in a distributed environment. >>> >> Clients/Server are communicating through a HTTP based Protocol >>> provided by Jetty on the server side. The client side is set up to store >>> and reply cookies. >>> >> >>> >> I played around with different approaches but nothing seems to fit. I >>> tried creating a ServletContextHandler and adding the Filters there, but I >>> have no clue how to combine it with my RequestHandler. I also don't find >>> much help online on this subject. Maybe someone here could give me a hint? >>> >> >>> >> It's basically made up of 2 Classes: >>> >> >>> >> public final class WebServer extends AbstractIdleService { >>> >> >>> >> // ~ Static fields >>> --------------------------------------------------------------------------------------------- >>> >> >>> >> private static final Logger L = >>> LoggerFactory.getLogger(WebServer.class); >>> >> >>> >> // ~ Instance fields >>> ------------------------------------------------------------------------------------------- >>> >> >>> >> private final int port; >>> >> private final Server server; >>> >> private final TractDB tractDB; >>> >> private final Gson gson; >>> >> >>> >> // ~ Constructors >>> ---------------------------------------------------------------------------------------------- >>> >> >>> >> public WebServer(final TractDB tractDB, final int port, final >>> Gson gson) { >>> >> this.tractDB = tractDB; >>> >> this.port = port; >>> >> this.gson = gson; >>> >> this.server = new Server(); >>> >> } >>> >> >>> >> // ~ Methods >>> --------------------------------------------------------------------------------------------------- >>> >> >>> >> @Override >>> >> protected void startUp() throws Exception { >>> >> >>> >> SslContextFactory sslContextFactory = new SslContextFactory(); >>> >> >>> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore")); >>> >> >>> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD); >>> >> sslContextFactory.setProtocol("TLSv1.2"); >>> >> >>> >> SslConnectionFactory ssl = new >>> SslConnectionFactory(sslContextFactory, "http/1.1"); >>> >> HttpConnectionFactory http = new HttpConnectionFactory(new >>> HttpConfiguration()); >>> >> >>> >> >>> >> /* connectors */ >>> >> ServerConnector sslConnector = new >>> ServerConnector(this.server, ssl, http); >>> >> sslConnector.setPort(this.port); >>> >> this.server.addConnector(sslConnector); >>> >> >>> >> /* handlers */ >>> >> >>> >> GzipHandler gzip = new GzipHandler(); >>> >> RequestHandler requestHandler = new RequestHandler(this.gson, >>> this.tractDB); >>> >> >>> >> gzip.setIncludedMimeTypes("text/html", "text/plain", >>> "application/json"); >>> >> >>> >> gzip.setHandler(requestHandler); >>> >> >>> >> this.server.setHandler(gzip); >>> >> >>> >> this.server.start(); >>> >> } >>> >> >>> >> @Override >>> >> protected void shutDown() throws Exception { >>> >> L.info("shutting down web-server"); >>> >> this.server.stop(); >>> >> } >>> >> } >>> >> >>> >> >>> --------------------------------------------------------------------------------------------- >>> >> >>> >> >>> --------------------------------------------------------------------------------------------- >>> >> >>> >> public final class RequestHandler extends AbstractHandler { >>> >> >>> >> // ~ Static fields >>> --------------------------------------------------------------------------------------------- >>> >> >>> >> private static final Logger L = >>> LoggerFactory.getLogger(RequestHandler.class); >>> >> >>> >> // ~ Instance fields >>> ------------------------------------------------------------------------------------------- >>> >> >>> >> // ... >>> >> >>> >> // ~ Constructors >>> ---------------------------------------------------------------------------------------------- >>> >> >>> >> public RequestHandler(final Gson gson, final TractDB tractDB) { >>> >> // ... >>> >> } >>> >> >>> >> // ~ Methods >>> --------------------------------------------------------------------------------------------------- >>> >> >>> >> @Override >>> >> public void handle(final String target, final Request >>> baseRequest, final HttpServletRequest request, final HttpServletResponse >>> response) throws IOException, ServletException { >>> >> L.debug("{} '{}'", request.getMethod(), target); >>> >> >>> >> try { >>> >> >>> >> /* default result: not found */ >>> >> HandlerResult handlerResult = >>> JsonResult.notFound(this.gson); >>> >> >>> >> /* ... Handlers will be dispatched here ... */ >>> >> >>> >> handlerResult.writeTo(response); >>> >> >>> >> } catch (RuntimeException e) { >>> >> L.error(e.getMessage(), e); >>> >> response.reset(); >>> >> >>> >> JsonResult.internalServerError(this.gson) >>> >> .writeTo(response); >>> >> } >>> >> >>> >> baseRequest.setHandled(true); >>> >> } >>> >> } >>> > >>> > >>> >>
