Hi there, Richard.
I created securityrequestfilter that reads header for auth token and
autorize/or not. Than it pass request to other filters.
Some part of code for example:
public class SecurityRequestFilter implements HttpServletRequestFilter
{
@Inject
private SecurityService securityService;
@Override
public boolean service(HttpServletRequest request, HttpServletResponse
response, HttpServletRequestHandler handler) throws IOException
{
if (request.getHeader("Authorization") != null)
login(request.getHeader("Authorization"));
else
slog.info("Anonymous request detected.");
return handler.service(request, response);
}
As for application module(Main tapestry configuration class):
@Contribute(HttpServletRequestHandler.class)
public static void
httpServletRequestHandler(OrderedConfiguration<HttpServletRequestFilter>
configuration,
@InjectService("ServletRequestFilter")
HttpServletRequestFilter servletRequestFilter,
@InjectService("SecurityRequestFilter") HttpServletRequestFilter
securityRequestFilter)
{
configuration.add("SecurityRequestFilter", securityRequestFilter,
"after:SecurityConfiguration", "before:ResteasyRequestFilter");
configuration.add("ServletRequestFilter", servletRequestFilter,
"after:ResteasyRequestFilter", "before:GZIP");
}
I can't say that a right thing to do. But my way works fine to use
tapestry-security with tapestry-resteasy.
Good luck.
On 5 May 2017 at 23:49, Richard Frovarp <rfrov...@apache.org> wrote:
> I'm wondering if there is a straightforward way to secure
> tapestry-resteasy with Shiro. We're already using tapestry-security. I have
> a student doing some work to do this, and it doesn't seem like the two work
> together. We can protect the URL path from the AppModule using the Shiro
> code like we do everywhere else. However, we can't get annotations to work
> on the REST "pages" or methods. I would like to be able to do things like
> access level access control and permission based control based on the
> authenticated user through the same Shiro tools that we have been using.
>
> It feels like we're missing something. I can probably build my own
> integration, but if it is already solved and we are just missing it, I
> would rather do it the correct way.
>
> Thanks,
>
> Richard
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
With best regards,
Pavel Chernyak
