asfgit commented on issue #118: [SHIRO-667] Upgrade to Spring 4.3.22-RELEASE
URL: https://github.com/apache/shiro/pull/118#issuecomment-470838415
Refer to this link for build results (access rights to CI server needed):
https://builds.apache.org/job/Shiro-pr/63/
Cool :)
I will merge it
regards,
François Papon
fpa...@apache.org
Le 06/03/2019 à 21:25, Brian Demers a écrit :
> Sounds good!
>
> On Tue, Mar 5, 2019 at 11:45 PM Francois Papon
> wrote:
>
>> Hi Brian,
>>
>> I removed the spring-xml example because it was using
>> SimpleFormController that is
Hi,
it sounds good to me !
Regards
JB
On 08/03/2019 07:36, Francois Papon wrote:
> Hi guys,
>
> We have many discussion with JB about the integration of Shiro in OSGi
> world and especially in Karaf because our vision is that we can make
> more than provide bundles.
>
> We will cut the 1.4.1
Hi guys,
We have many discussion with JB about the integration of Shiro in OSGi
world and especially in Karaf because our vision is that we can make
more than provide bundles.
We will cut the 1.4.1 release next week with the OSGi first step stuffs
and start thinking about the next step.
Here
Hi Les!
I'm agree, the purpose is not to re-invent the wheel, and thanks to have
created JJWT ;)
As JJWT is under Apache 2.0 license, I think we can use it in Shiro.
Do you have some time to work on this integration or make some proposal?
François Papon
fpa...@apache.org
Le 07/03/2019 à
Yes, I'm agree about using the JWT for a remember me storage, especially
for APIs in a distributed / cloud environment.
For the session id, how can we match the JWT sent by the consumer with
the session id?
François Papon
fpa...@apache.org
Le 07/03/2019 à 21:44, Brian Demers a écrit :
> I would
It's weird because I'm not the only one who have this error...
I used oracle-jdk-8 and Tomcat 9.0.6.
Can you tried with my example repo?
https://github.com/fpapon/shiro-labs/tree/master/tomcat-web
May be I'm missing something...
François Papon
fpa...@apache.org
Le 07/03/2019 à 23:49, Brian
I still cannot reproduce this.
I tried with 8.5.32 and 9.0.16 (with OpenJDK Runtime Environment
Corretto-11.0.2.9.1 and OpenJDK 64-Bit Server VM Corretto-8.202.08.2)
Side note: only Tomcat 8.0 is EOL, 7, 8.5, and 9 are _active_
On Wed, Mar 6, 2019 at 1:10 PM Francois Papon
wrote:
> Hi
I agree, I don't think we want to take things like that if we don't need
to. We might not want to leak the JJWT interfaces in our APIs, but I would
much rather leverage an existing lib whenever possible
On Thu, Mar 7, 2019 at 12:39 PM Les Hazlewood wrote:
> Hi François!
>
> I see it a little
I would agree on the bearer token use cases, though that would likely be
dependent on a given realm (were to validate the bearer token)
I'm not sure using a JWT as the session id would add much value. We would
still need to look up an existing session, so the session key would just be
bigger?
I
Hi Les,
I take a look on JJWT and it's realy great ;)
But as Shiro is a security framework and already have a cryptography
module, I was hoping that we could have our own implementation.
regards,
François Papon
fpa...@apache.org
Le 07/03/2019 à 01:37, Les Hazlewood a écrit :
> What about jjwt
I think that the session cache manager is a very nice feature in Shiro
and I was thinking about using the compact representation of JWT as the
session id in the cache manager.
This could be very usefull because we just have to decrypt the JWT on
login and store the user profil in the cache
12 matches
Mail list logo
