Hi, Is there an example demonstrating securing a web application hosted in Pax Web/Karaf using Apache Shiro? (I use Pax Wicket, but I presume this applies to any Pax Web app?)
Should I use shiro-core or shiro-web ? Shiro Karaf feature is available at mvn:org.apache.shiro/shiro-features/1.2.1/xml/features so installing it is easy, but I am confused how to use it.. i tried something like : private transient Logger log = LoggerFactory.getLogger(LoginPage.class); private final LoginFormModel loginFormModel = new LoginFormModel(); private transient final Subject currentUser; public LoginPage() { super(); Ini ini = new Ini(); ini.load(LoginPage.class.getResourceAsStream("default.realm.ini")); IniRealm defaultRealm = new IniRealm(ini); SecurityUtils.setSecurityManager(new DefaultWebSecurityManager( defaultRealm)); currentUser = SecurityUtils.getSubject(); add(new Label("currentUser", String.valueOf(currentUser.getPrincipal()))); final Form<LoginFormModel> loginForm = new Form<LoginFormModel>("loginForm", new Model<LoginFormModel>(loginFormModel)); add(loginForm); loginForm.add(new TextField<String>("username", new PropertyModel<String>(loginFormModel , "username"))); loginForm.add(new PasswordTextField("password", new PropertyModel<String>(loginFormModel , "password"))); loginForm.add(new CheckBox("rememberMe", new PropertyModel<Boolean>(loginFormModel, "rememberMe"))); loginForm.add(new AjaxButton("login") { @Override protected void onSubmit(AjaxRequestTarget target, Form<?> form) { log.info("Processing {}", loginFormModel); target.add(feedbackPanel); currentUser.login(new UsernamePasswordToken(loginFormModel .getUsername(), loginFormModel.getPassword() .toCharArray())); super.onSubmit(target, form); } @Override protected void onError(AjaxRequestTarget target, Form<?> form) { target.add(feedbackPanel); super.onError(target, form); } }); } But got: Unexpected RuntimeException Last cause: SessionContext must be an HTTP compatible implementation. WicketMessage: Method onRequest of interface org.apache.wicket.behavior.IBehaviorListener targeted at org.apache.wicket.ajax.markup.html.form.AjaxButton$1 {event='onclick'} on component [ [Component id = login]] threw an exception Stacktrace Root cause: java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible implementation. at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) at org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336) at org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312) at org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182) at org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163) at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144) at org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183) at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283) at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256) at org.soluvas.web.login.LoginPage$1.onSubmit(LoginPage.java:56) -- Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on LinkedIn<http://id.linkedin.com/in/hendyirawan> Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator Bisnis | Bandung
_______________________________________________ general mailing list general@lists.ops4j.org http://lists.ops4j.org/mailman/listinfo/general