On 03/04/2011 09:33 AM, mangelo wrote: > I am brand new to Shiro. Just found it last night. I am very encouraged from > what I've read so far. My security requirements seem to be too much for > Spring Security. I am confident that Shiro can handle them given the > flexibility. > > The only problem is that I don't know how quite to get started. I've found > the Spring samples and how to get set up. My problem is the users of my app > are already authenticated by Oracle SSO. The username is in the request > header. > > How do I get it out of the request header and into Shiro? Where would I put > such code?
This should go into a filter. You likely want to extend AuthenticatingFilter - look at the BasicHttpAuthenticationFilter for an example that uses headers. Basically, your filter should pack up the header value in an AuthenticationToken. Shiro will pass this AuthenticationToken to your Realm. > > I have based my Realm from the SampleRealm class. Should I always return > 'false' from the supports method? Should I return SimpleAuthenticationInfo() > with an empty string as the password? I would say yes. In addition, accept the AuthenticationToken type that you created in your filter. > > If there is a more complete example that would help out a lot. I feel like > I've hit a brick wall. > > TIA. > > MIke. > > -- > View this message in context: > http://shiro-developer.582600.n2.nabble.com/Single-Sign-On-SSO-Spring-Hibernate-Help-tp6088874p6088874.html > Sent from the Shiro Developer mailing list archive at Nabble.com.
signature.asc
Description: OpenPGP digital signature
