Well, it took me a day or two to get my head around this, esp. as there is sparse documentation about Shiro and Guice. However, as I'm using Jersey's "RolesAllowedResourceFilterFactory" that intercepts resources and methods to check the @RolesAllowed Annotation against the SecurityContext it worked instantly. Of course I had to re-work every part that uses Spring artifacts (UserDetails, GrantedAuthority) but in the end, it was worth it - clean code and esp. less dependencies and no xml configurations...
I'm gonna write down how I set this up to provide furhter documentation and a real life example. Am Montag, 19. März 2012 15:45:06 UTC+1 schrieb Matías Williams: > > Do you have to change too much of your code? Because I have jdbc > authentication with Spring Security (not working), and I'll want to keep it > that way. For example: I have a user that implements userdeatails, and some > permits that implements grantedauthority. Is there a simple way to get from > here to Apache Shiro? > Thanks, > Matias > > On Monday, March 19, 2012 8:59:36 AM UTC-3, pepperbob wrote: >> >> Alright, in favor of a better integration I threw away the whole >> Spring-thing and replaced it with Apache Shiro. >> >> >> Am Donnerstag, 15. März 2012 09:49:55 UTC+1 schrieb pepperbob: >>> >>> I run a web application with guice2 + warp persist (multiple >>> datasources) including spring security & jersey. I'm trying to migrate to >>> guice3 + guice-persist and made the following observation: >>> >>> due to the setup, it is required to run the persist filter at first, >>> then spring security and finally the jersey relevant part (via my guice >>> servlet module). As the warp-filter has been setup through web.xml this has >>> not been a problem so far. >>> >>> With guice3 the persistence filter is setup in my servlet module which >>> also takes care about jersey (jersey-guice integration). This means that I >>> cannot run the spring security filter in between as it needs to be setup >>> via web.xml (and esp. after the persistence filter as it uses guice managed >>> beans). >>> >>> Any pointers or ideas how this could still work out? The only way I >>> could think is to de-couple spring security from the guice managed >>> persistence but I don't really like that. Maybe I should move to Apache >>> Shiro as there is a guice integration. >>> >> -- You received this message because you are subscribed to the Google Groups "google-guice" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-guice/-/TeVqIDtHfJEJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-guice?hl=en.
