Hi Steinar, Why not using the ini file?
regards, François [email protected] Le 24/03/2020 à 17:45, Steinar Bang a écrit : > Ok now I have some success. I have successfully received an OSGi > service injection of the correct ServletContext created by the > ServletContextHelper. > > To recap: I'm trying to switch this > > https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L74 > to something like this > > https://github.com/fpapon/shiro-labs/blob/master/karaf-jaxrs/src/main/java/fr/openobject/labs/shiro/karaf/jaxrs/ShiroService.java#L47 > > The start of the AuthserviceShiroFilter.activate() method now looks like this: > @Activate > public void activate() { > environment = new IniWebEnvironment(); > environment.setIni(INI_FILE); > environment.setServletContext(context); > environment.init(); > DefaultWebSessionManager sessionmanager = new > DefaultWebSessionManager(); > sessionmanager.setSessionDAO(session); > sessionmanager.setSessionIdUrlRewritingEnabled(false); > DefaultWebSecurityManager securityManager = > DefaultWebSecurityManager.class.cast(environment.getWebSecurityManager()); > securityManager.setSessionManager(sessionmanager); > securityManager.setRealm(realm); > setSecurityManager(securityManager); > > The next place I got stuck was in the code replacing the authc filter > with the PassThruAuthenticationFilter: > // Using the PassThruAuthenticationFilter instead of the default > authc FormAuthenticationFilter > // to be able to do a redirect back "out of" authservice to the > originalUrl > Map<String, Object> defaultBeans = new > HashMap<>(securityManagerFactory.getBeans()); > PassThruAuthenticationFilter authc = new > PassThruAuthenticationFilter(); > authc.setLoginUrl("/login"); > defaultBeans.put("authc", (Object)authc); > > Does anyone know how I could do this in Java code, now that I no longer > have access to the securityManagerFactory? > > is the IniWebEnvironment.getObjects() method the same as > securityManager.getBeans()? (it has the same signature) > > Thanks!
