>>>>> Steinar Bang <[email protected]>: >>>>> Александр <[email protected]>:
>> Thats right. >> My solution is to build shiro infrastructure (securitymanager, realms, >> filterchainresolver) by myself as a beans in blueprint, because I can >> inject to them other services (like Datasource, or EntityManager). I do not >> use ini file, and actually I do not use shiro in standard servlet >> container, because there is Spring for it :) >> But if you use shiro before, and have ini file, you can create >> SecurityManager by IniSecurityManagerFactory >> <https://shiro.apache.org/static/1.3.2/apidocs/src-html/org/apache/shiro/config/IniSecurityManagerFactory.html#line.46> >> and >> FilterChainResolver by IniFilterChainResolverFactory >> <https://shiro.apache.org/static/1.3.2/apidocs/src-html/org/apache/shiro/web/config/IniFilterChainResolverFactory.html#line.43> >> and >> set them to your filter. All of this is better to do in activate() method >> of your filter. >> And dont forget to install shiro bundles (shiro-core, shiro-web...) > Thanks! I'm part of the way there. I needed the > WebIniSecurityManagerFactory class instead, because AbstractShiroFilter > needs WebSecurityManager. > However I ran into a problem in that WebIniSecurityManagerFactory > doesn't like my custom realm. I get the following error message in > karaf.log of the pax exam test: > 2018-03-24T18:40:56,944 | ERROR | features-1-thread-1 | ukelonn > | 21 - no.priv.bang.ukelonn - 1.0.0.SNAPSHOT | > [no.priv.bang.ukelonn.impl.UkelonnShiroFilter(4)] The activate method has > thrown an exception > org.apache.shiro.config.ConfigurationException: Unable to set property > 'realms' with value [[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d]] on > object of type org.apache.shiro.web.mgt.DefaultWebSecurityManager. If > '[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d]' is a reference to another > (previously defined) object, prefix it with '$' to indicate that the > referenced object should be used as the actual value. For example, > $[no.priv.bang.ukelonn.impl.UkelonnRealm@7eb8a95d] > [snip!] > Caused by: java.lang.ClassCastException: > no.priv.bang.ukelonn.impl.UkelonnRealm cannot be cast to > org.apache.shiro.realm.Realm > Could this be OSGi class loader issue...? Probably a class loader issue. It now works: https://github.com/steinarb/ukelonn/blob/4be88dab9fd97d449592cd46fb1ab9b5762b3b36/ukelonn.bundle/src/main/java/no/priv/bang/ukelonn/impl/UkelonnShiroFilter.java#L64 I had to create the realm using code rather than in the shiro.ini file: https://github.com/steinarb/ukelonn/blob/4be88dab9fd97d449592cd46fb1ab9b5762b3b36/ukelonn.bundle/src/main/java/no/priv/bang/ukelonn/impl/UkelonnShiroFilter.java#L92 https://github.com/steinarb/ukelonn/commit/4be88dab9fd97d449592cd46fb1ab9b5762b3b36#diff-d4776a0758751afbed78ab9a334bc8ce I also ran into a problem with Shiro's Ini file loading from the classpath. It actually worked in karaf in the pax exam integration test, but not in karaf actual. So I had to explicitly find the shiro.ini resource from the classloader of my AbstractShiroFilter DS component: https://github.com/steinarb/ukelonn/blob/4be88dab9fd97d449592cd46fb1ab9b5762b3b36/ukelonn.bundle/src/main/java/no/priv/bang/ukelonn/impl/UkelonnShiroFilter.java#L51 -- -- ------------------ OPS4J - http://www.ops4j.org - [email protected] --- You received this message because you are subscribed to the Google Groups "OPS4J" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
