I think that we can use the Shiro filters as they exist. All we need to do is
add a Struts 2 interceptor for Shiro to inject the aquired Shiro subject into
the value stack. This Shiro subject can be used by login actions to check if a
login was successful.
I was going to work out a sketch of the ideas in the sandbox but it seems that
I no longer have my old commit privileges. Could I have them re-instated?
Regards,
Alan
On Oct 7, 2010, at 11:18 AM, Les Hazlewood wrote:
> Hi Alan,
>
> I haven't used Struts (ever), so I won't be able to offer
> struts-specific advice. But because it is a typical request/response
> MVC framework w/ servlets and JSPs (AIUI), just defining the
> IniShiroFilter in web.xml should be all that is necessary.
>
> If it is not Spring-based and you want to use annotations, you'll
> probably need to enable the AspectJ support, otherwise,
> SecurityUtils.getSubject() will work fine.
>
> For testing, I would use the Subject.Builder to mock Subject instances
> as necessary. For example:
>
> Subject mock = new
> Subject.Builder(testSecurityManager).foo(..).bar(...).buildSubject();
> mock.execute( new Runnable() {
> public void run() {
> runSomeTestAsTheSubject();
> }
> });
>
> This guarantees thread cleanup. You can also use the 'Manual
> Association' approach as covered in
> http://incubator.apache.org/shiro/subject.html by binding and clearing
> the ThreadState in the respective @Before and @After JUnit methods.
> The Runnable and/or Callable approach is my favorite because there is
> less to manage.
>
> HTH!
>
> --
> Les Hazlewood
> Founder, Katasoft, Inc.
> Application Security Products & Professional Apache Shiro Support and
> Training:
> http://www.katasoft.com
>
> On Thu, Oct 7, 2010 at 6:51 AM, Alan D. Cabrera <l...@toolazydogs.com> wrote:
>> I would like to integrate Shiro w/ a struts 2 setup. Any advice before I
>> dive in?
>>
>>
>> Regards,
>> Alan
>>
>>
