Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-26 Thread Steinar Bang
>>>>> Steinar Bang : [snip!] > It's early days so I can't tell for sure if this works everywhere. > But the first app I tried it on came up like with shiro 1.13, so I have > hope I can use the upcoming 2.0.1. I've loaded and run my entire stack of OSGi applications n

Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-26 Thread Steinar Bang
> Jean-Baptiste Onofré : > Hi Steinar > I gonna take a look. Note: I have created a shiro issue for this: https://github.com/apache/shiro/issues/1500

Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-26 Thread Steinar Bang
I have figured out a fairly simple workaround for this problem: 1. Remove the "authc = " line from the main section shiro.ini [main] authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter authc.loginUrl = /login shiro.unauthorizedUrl = /unauthorized ie.

Re: [VOTE] Release Apache Shiro 2.0.1

2024-05-25 Thread Steinar Bang
Steinar Bang +1 (non-binding)

Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-25 Thread Steinar Bang
>>>>> Steinar Bang : > Shiro tries several classloaders: > > https://github.com/apache/shiro/blob/main/lang/src/main/java/org/apache/shiro/lang/util/ClassUtils.java#L153 > The classloaders tried, are: > 1. Thread.currentThread().getContextClassLoader() > 2

Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-25 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Jean-Baptiste Onofré >>>>> : >> Hi Steinar >> I gonna take a look. > Great! Thanks, JB! Out of curiosity what approaches do you see as possible? I can just think of two: 1. Extend the INI API to pass

Re: Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-25 Thread Steinar Bang
> Jean-Baptiste Onofré : > Hi Steinar > I gonna take a look. Great! Thanks, JB!

Problem with parsing ini files on OSGi for SNAPSHOT build from current git main (what will be 2.0.1)

2024-05-24 Thread Steinar Bang
I get the following stack trace for all Shiro filters: https://gist.github.com/steinarb/faa44f384b330ae0259cc051036885db The error message is: org.apache.shiro.config.ConfigurationException: Unable to instantiate class [org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter] for object

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-24 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > Ah, that’s a different world here unfortunately… you are on your own there Yep. There may be a feature request about a parametrized classloader (which is a good idea in any case) going all the way into the code that tries to load a class by

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-23 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > That’s hardly enough to go on. Sounds like a configuration issue. No, that's just me thinking out loud. > Do you have a reproducer? Not yet, but the first stack trace in the log is failing in INI parsing because of

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-22 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > Awesome! Thank you for your contributions and help! We appreciate it. My pleasure! I'm not all there yet, however...:-) All applications built without compilation and test errors, but I'm currently getting HTTP ERROR 500

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-21 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org > There are plenty of tests already. They were all expecting flipped values, > as the naming is very confusing. No need for any new tests. Ok. Anyway! My stuff builds against a snapshot from the current main of shiro. Thanks! (Tomorrow I

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-21 Thread Steinar Bang
>>>>> Steinar Bang : > Would you like a port of my unit tests to the shiro-jaxrs project (a 200 > OK test (logged in user with role admin), a 401 Authenticate test (user > not logged in) and a 403 Forbidden test (user without role admin logged > in))? But that offe

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-21 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> lenny-5o6p1tln9c5dpfhejli6iq-xmd5yjdbdmrexy1tmh2...@public.gmane.org: >> Sheesh, I think you are right :) > Would you like me to create a new GitHub issue? Nevermind! I saw you reopened the old issue. Would you like a port of m

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-05-20 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> lenny-5o6p1tln9c5dpfhejli6iq-xmd5yjdbdmrexy1tmh2...@public.gmane.org: >> Hi, >> I believe this will be fixed in 2.0.1 >> See https://github.com/apache/shiro/issues/1383 >> <https://github.com/apache/shiro/is

Re: shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-04-28 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > Hi, > I believe this will be fixed in 2.0.1 > See https://github.com/apache/shiro/issues/1383 > for details. Ah, thanks! I will hold off switching from 1.13.0 until 2.0.1 is out. Thanks again!

shiro-jaxrs of shiro 2.0.0: tests expecting 403 get 401 and tests expecting 401 get UnauthenticatedException

2024-04-28 Thread Steinar Bang
I'm trying to switch from shiro 1.13.0 to shiro 2.0.0 and I'm running into test failures in my tests of jersey JAX-RS resources. I am getting 401 Unauthorized responses where I'm expecting 403 Forbidden (accessing rest endpoint with a logged in user without the required role) and I'm getting

Re: How is order from the [url] section preserved?

2024-03-10 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> lenny-5o6p1tln9c5dpfhejli6iq-xmd5yjdbdmrexy1tmh2...@public.gmane.org: >> Without looking at the code, I would guess it’s stored in LinkedHashMap, >> which keeps track of the order, >> however, there are other map s

Re: How is order from the [url] section preserved?

2024-03-07 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > Without looking at the code, I would guess it’s stored in LinkedHashMap, > which keeps track of the order, > however, there are other map structures that keep order as well. Ok, thanks!

How is order from the [url] section preserved?

2024-03-07 Thread Steinar Bang
I know from experience that the order of the [url] section of the shiro.ini file is significant: earlier entries will override entries further down. What I'm unable to see, is how that order is preserved in shiro? As far as I can tell the entries of the [url] section are iterated over here

Re: Possible to programmatically open URLs

2024-03-05 Thread Steinar Bang
> Lenny Primak : > What I think you are asking is hybrid configuration. You would have to > override WebEnvironment class. I believe this is well documented already Thanks! So I tried googling "override webenvironment hybrid configuration" but that didn't come up with anything useful.

Re: Possible to programmatically open URLs

2024-03-04 Thread Steinar Bang
> Lenny Primak : > Have you actually tried it? It’s unusual but should work if I understand > your example correctly Oh the shiro.ini example as shown will work, no problem. But I don't want to set the access of /album/picture1 and /album/picture2 in the shiro.ini What I want to do is

Possible to programmatically open URLs

2024-03-04 Thread Steinar Bang
If I have a shiro.ini like so: [main] authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter shiro.loginUrl = /login shiro.unauthorizedUrl = /unauthorized [users] [urls] / = anon /api/** = anon /album/** = authc Ie. /album/ requires a login. Is it then possible to

Re: [ANNOUNCE] Apache Shiro 2.0.0 release

2024-03-03 Thread Steinar Bang
Ah, well! Good thing I just today scrubbed all of my leftover deprecated classes! :-)

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2024-02-09 Thread Steinar Bang
> Brian Demers : > That should work, keep us posted! Ok, 2 years, 8 weeks, and 5 days have passed, but now I finally got around to it, and I can report it worked perfectly: 1. User with the required role is logged in: a POST to the API gets 200 OK 2. User without the required role is logged

Re: How is the shiro-jaxrs magic supposed to work with JAX-RS in the OSGi web whiteboard?

2024-02-08 Thread Steinar Bang
>>>>> Steinar Bang : > I'm using an OSGi Web Whiteboard component > > https://github.com/steinarb/oldalbum/blob/e8dbf374c6132694f0ad7c0d4026def355d5514e/oldalbum.web.api/src/main/java/no/priv/bang/oldalbum/web/api/OldAlbumWebApiServlet.java#L33 > that derive

Re: How is the shiro-jaxrs magic supposed to work with JAX-RS in the OSGi web whiteboard?

2024-02-08 Thread Steinar Bang
> lenny-5o6p1tln9c5dpfhejli...@public.gmane.org: > Hi, > The magic is explained in the documentation towards the bottom, but I think > you already know that: > // register the Shiro Feature > classes.add(ShiroFeature.class); Yes. But that doesn't help me much. I'm using an OSGi Web

How is the shiro-jaxrs magic supposed to work with JAX-RS in the OSGi web whiteboard?

2024-02-07 Thread Steinar Bang
I am picking up an experiment from two years back: make the REST-API return 401 instead of 302 when the login goes away. https://www.mail-archive.com/dev@shiro.apache.org/msg06772.html But I can't figure out how to use the shiro magic for JAX-RS in my setting:

Re: What's the current state of Shiro and OAuth2?

2022-05-21 Thread Steinar Bang
>>>>> Steinar Bang : [snip!] > I have googled a bit and this is what I found: [snip!] Missed this one from my first google round: https://github.com/bujiio/buji-pac4jn From the description this seems to be adding OAuth capabilities to Shiro (among other things). And

What's the current state of Shiro and OAuth2?

2022-05-21 Thread Steinar Bang
Something I've been wondering for a while, is "Why isn't OAuth on the checklist of protocols supported by Shiro?" Doesn't OAuth fit in with the way Shiro works/is structured? Ie. doesn't it make sense to pull OAuth in under the Shiro umbrella? And what form should the OAuth support take? Should

Problem with having to login repeatedly

2022-02-19 Thread Steinar Bang
Platform: amd64, debian 11.2 "bullseye", openjdk 11.0.14, karaf 4.3.6, shiro 1.7.0 This is a problem I have with shiro that appears and then disappears as mysteriously as it appears and "out of sight, out of mind". But today I have decided to dig a little bit deeper. Most of the time

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-08 Thread Steinar Bang
> Brian Demers : > Cookies will get processed, but if you are using some other form of > header based auth they wouldn't be (unless you a corresponding filter > configured) In this case I'm thinking of what's set by the PassThruAuthenticationFilter when authenticating the frontend. Will

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-07 Thread Steinar Bang
Question: when I do this: > [main] > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter [snip!] > [urls] > /api/** = anon > /** = authc, role[myapprole] don't I then use a different filter than PassThruAuthenticationFilter for /api/? Can I do this and still use

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-07 Thread Steinar Bang
> Brian Demers : > You can also use `@RequireRoles("myapprole")` annotation instead of > the permission one. > I think the problem you might be running into is the > `PassThruAuthenticationFilter` doesn't have a "permissive" option, so > it's likely redirecting on that filter. Ok. I can't

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-07 Thread Steinar Bang
Side note: shiro-jaxrs and RequiresPermissions annotations may be a way to accomplish what I want to do. But what I really wanted was something simpler: avoid 302 redirects for the part of URL space used by ajax calls (since 302s are handled by the browser and never reach the ajax code waiting

Re: Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-07 Thread Steinar Bang
> Brian Demers : > This post is a little old (dependency wise), but it should still be accurate. Hm... I'm on shiro-1.7.0 currently, so the mentioned shiro-jaxrs should be available...? (and currently on jersey 1.8.4, if that matters...?) > See the bit about the "permissive" filter. >

Shiro: possible to configure part of the unauthenticated URLs to return 401 instead 302?

2021-12-06 Thread Steinar Bang
Is it possible to configure a part of the URL space to return 401 instead of 302 when unauthenticated? I would like to avoid 302 redirects for calls to the REST API. Thanks! - Steinar

Re: Can't get authorizedUrl to work

2021-05-03 Thread Steinar Bang
>>>>> Steinar Bang : > Platform: debian 10.9 "buster", openjdk-11 11.0.11+9-1~deb10u1, shiro 1.7.0 > I would like shiro to redirect to a page of my own instead of the > default 401 page. Er... my bad! I was editing the wrong shiro.ini file. I wondered why

Can't get authorizedUrl to work

2021-05-03 Thread Steinar Bang
Platform: debian 10.9 "buster", openjdk-11 11.0.11+9-1~deb10u1, shiro 1.7.0 I would like shiro to redirect to a page of my own instead of the default 401 page. In the shiro.ini, I've tried unauthorizedUrl = /unauthorized and I've tried authc.unauthorizedUrl = /unauthorized and I've tried

Re: [DISCUSS] - Move to 2.0.0

2020-04-08 Thread Steinar Bang
> Francois Papon > : >> It's also time for anyone to bring some ideas about the next Shiro >> features/improvements, feel free to share :) Speaking purely for myself, I would like to see this one fixed: https://issues.apache.org/jira/browse/SHIRO-713

Re: [DISCUSS] - Move to 2.0.0

2020-04-07 Thread Steinar Bang
> Francois Papon : > It's also time for anyone to bring some ideas about the next Shiro > features/improvements, feel free to share :) Maybe a bit OSGi-centric: but how about a restructuring around OSGi services and DS components providing these services? (Shiro is already partly there

Re: Trying to lose the deprecated classes

2020-04-02 Thread Steinar Bang
> Francois Papon : > I added Dynamic-Import-Package in Shiro-core so now the Shiro-core > bundle can load filters provided by other bundles. Thanks Francois! Great work with the OSGi-fication of Shiro! > You just need to export your filter through a org.apache.shiro.* package. It's even

Re: Trying to lose the deprecated classes

2020-03-24 Thread Steinar Bang
> Francois Papon : > Hi Steinar, > Why not using the ini file? Because the last time I tried (january/february 2018 according to git), the ini file mechanism was unable to resolve classes from other bundles. Does that mean that the ini file now works in an OSGi setting? If so, great news!

Re: Trying to lose the deprecated classes

2020-03-24 Thread Steinar Bang
Ok now I have some success. I have successfully received an OSGi service injection of the correct ServletContext created by the ServletContextHelper. To recap: I'm trying to switch this

Re: Problem upgrading to shiro 1.5.0: IllegalArgumentException: There is no configured chain under the name/key []

2020-02-27 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Francois Papon >>>>> : >> Hi Steinar, >> It seems like your issue is related to: >> https://issues.apache.org/jira/browse/SHIRO-742 >> It has been fixed and merge on master (1.5.1-SNAPSHOT) and will

Re: [VOTE] Release Apache Shiro 1.5.1 (take #2)

2020-02-18 Thread Steinar Bang
+1 (non-binding)

Re: Problem upgrading to shiro 1.5.0: IllegalArgumentException: There is no configured chain under the name/key []

2020-02-16 Thread Steinar Bang
> Francois Papon : > Hi Steinar, > It seems like your issue is related to: > https://issues.apache.org/jira/browse/SHIRO-742 > It has been fixed and merge on master (1.5.1-SNAPSHOT) and will be released > next week. > You can test it on the latest SNAPSHOT. Thanks! Building 1.5.1-SNAPSHOT

Problem upgrading to shiro 1.5.0: IllegalArgumentException: There is no configured chain under the name/key []

2020-02-16 Thread Steinar Bang
Platform: debian 10.3 "buster", amd64, openjdk 11, karaf 4.1.8, shiro 1.5.0 I get the following error when upgrading from shiro 1.4.1 to 1.5.0: IllegalArgumentException: There is no configured chain under the name/key [] Full stack trace here:

Re: Trying to lose the deprecated classes

2020-02-09 Thread Steinar Bang
> Francois Papon : > Hi, > You can add a filter on the @Reference to get the right servlet. > However, I have some issues when using whiteboard and now I'm using a > dedicated servlet. Hm... perhaps I should wait for the OSGi 7 version of whiteboard, with Servlet 3 annotations, before I

Trying to lose the deprecated classes

2020-02-09 Thread Steinar Bang
I'm now in the process of switching to shiro 1.5.x from (1.4.1). The switch itself was easy: just a switch of the version number in the maven dependencies. But now I'm trying to switch this

Re: [RELEASE] - 1.5.0

2019-10-31 Thread Steinar Bang
> Francois Papon : > Hi all, > If no objections, I would like to start cutting the 1.5.0 release and > start the vote next week. +1 (non-binding) Sounds good!

Re: Password generator

2019-09-24 Thread Steinar Bang
> Francois Papon : > Agree, I'm not sure users want their password to be easy to remember. Hard to remember is entirely ok. They should be hard to guess.

Re: Password generator

2019-09-24 Thread Steinar Bang
> Francois Papon : > Hi all, > Actually we have a DefaultPasswordService which provide some useful > method for checking password. > I'm thinking about adding a new method for generate password. > Thoughts? A friend of mine created a password generator once. He used a two stage process:

[jira] [Commented] (SHIRO-679) Shiro modules have split packages

2019-09-22 Thread Steinar Bang (Jira)
[ https://issues.apache.org/jira/browse/SHIRO-679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16935377#comment-16935377 ] Steinar Bang commented on SHIRO-679: This is a possible duplicate of (or at least overlapping

Re: [OSGi] - Configuration and classloader

2019-08-02 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Francois Papon >>>>> : >> Hi Steinar, >> I started some test projects, you can take a look here: >> https://github.com/fpapon/shiro-labs > thanks! I may be able to replace the deprecated > WebIni

Re: [OSGi] - Configuration and classloader

2019-07-24 Thread Steinar Bang
> Francois Papon : > Hi Steinar, > I started some test projects, you can take a look here: > https://github.com/fpapon/shiro-labs thanks! I may be able to replace the deprecated WebIniSecurityManagerFactory with stuff from here:

Re: [OSGi] - Configuration and classloader

2019-07-24 Thread Steinar Bang
> Francois Papon : > Thoughts? I'm excited to see this, because of authservice https://github.com/steinarb/authservice#forms-based-nginx-login-and-pluggable-shiro-auth-in-karaf I'm currently doing configuration as a combination of 1. OSGi service dependency injection (that's how I get

[jira] [Commented] (SHIRO-714) Use a login page outside of the current webapps web context

2019-07-01 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16876437#comment-16876437 ] Steinar Bang commented on SHIRO-714: The latter. Actually that bit works (see SHIRO-713

[jira] [Created] (SHIRO-714) Use a login page outside of the current webapps web context

2019-07-01 Thread Steinar Bang (JIRA)
Steinar Bang created SHIRO-714: -- Summary: Use a login page outside of the current webapps web context Key: SHIRO-714 URL: https://issues.apache.org/jira/browse/SHIRO-714 Project: Shiro Issue

[jira] [Created] (SHIRO-713) Need a way to set the cookie PATH

2019-07-01 Thread Steinar Bang (JIRA)
Steinar Bang created SHIRO-713: -- Summary: Need a way to set the cookie PATH Key: SHIRO-713 URL: https://issues.apache.org/jira/browse/SHIRO-713 Project: Shiro Issue Type: Improvement

Re: What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-28 Thread Steinar Bang
>>>>> Steinar Bang : > I'm also pondering the possibility of replacing the JDBC realm with LDAP > without the webapps seeing any difference. That would be kind of cool: > it would be possible to select a JDBC realm or an LDAP realm just by > juggling karaf features

Re: What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-28 Thread Steinar Bang
> Brian Demers : > Possibly SHIRO-712 , but > I'd like to make sure we are capturing the use-case too. > Your example seems like a bit of a highbred of DI and the INI. I'm > guessing you want everything except the `[urls]` section outside of

Re: What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-28 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Steinar Bang : >> I'm able to create a DefaultWebSecurityManager with new, but I >> couldn't figure out how to read in the shiro.ini configuration...? > Hm... perhaps this is what I should wait for...? >

Re: What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-28 Thread Steinar Bang
>>>>> Steinar Bang : > I'm able to create a DefaultWebSecurityManager with new, but I couldn't > figure out how to read in the shiro.ini configuration...? Hm... perhaps this is what I should wait for...? https://issues.apache.org/jira/browse/SHIRO-712 (But then again, if i

Re: What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-27 Thread Steinar Bang
> Brian Demers : > I'm guessing in your case you might want to do something similar to what we > do for Guice (create a WebEnvironment implementation) > https://github.com/apache/shiro/blob/master/support/guice/src/main/java/org/apache/shiro/guice/web/WebGuiceEnvironment.java > For the

What should deprecated class WebIniSecurityManagerFactory be replaced with in OSGi?

2019-06-27 Thread Steinar Bang
In my Shiro-in-OSGi-configured-by-code solutions I ended up using the deprecated WebIniSecurityManagerFactory, with some tricks to find the shiro.ini file in the OSGi classpath:

Re: "Poor man's SSO", howto...?

2019-06-04 Thread Steinar Bang
Just a late followup to this thread. I succeeded in creating a "poor man's SSO" where several webapps running in the same karaf instance behind an nginx reverse proxy, and share the same realm and session https://github.com/steinarb/authservice/ The authservice also offers cookie-based

[jira] [Commented] (SHIRO-552) JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes

2019-05-29 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16851284#comment-16851284 ] Steinar Bang commented on SHIRO-552: I've created a github pull request with a fix for this issue

[Announce] Shiro-based "poor man's SSO" for Apache Karaf applications

2019-04-15 Thread Steinar Bang
https://github.com/steinarb/authservice I wrote this to cover my own usecase, which was to have the same login for nginx itself, as well as a couple of web whiteboard webapps running in the same apache karaf, behind the nginx server through a reverse proxy setup. Cross-webapp SSO works by

Re: Is the cookie path important for Shiro

2019-01-25 Thread Steinar Bang
> Brian Demers : > What does the request shiro receives look like? Hm... I was going to do some wireshark captures to illustrate the problem. But what happened now was that everything worked as expected... ie the authproblem when entering the webapp after a cookie path rewrite no longer

Is the cookie path important for Shiro

2019-01-19 Thread Steinar Bang
I'm working on a solution where a webapp[1] running in apache karaf provides forms based authentication for nginx. The webapp uses Shiro to handle the login and login check. It now sort of works: authentication for the rest of the website works but authentication fails for the webapp itself. Is

Re: How to change or set the path of the jsessionid cookie?

2019-01-18 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Jean-Baptiste Onofré >>>>> : >> AFAIK, it's not yet possible, but it makes sense to have something >> configurable there. > Ok, that means I'll have to resort to plan B, and it isn't pretty...:-)

Re: How to change or set the path of the jsessionid cookie?

2019-01-17 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Brian Demers >>>>> : >> Take a look at `ServletContainerSessionManager` if you just want to >> use the containers session management > Thanks for the tip! > However, I wasn't able to figure out

Re: How to change or set the path of the jsessionid cookie?

2019-01-17 Thread Steinar Bang
> Brian Demers : > Take a look at `ServletContainerSessionManager` if you just want to use the > containers session management Thanks for the tip! However, I wasn't able to figure out how to use this to adjust the storage path for the jsessionid (and the rememberme) cookie? I'm perfectly

[jira] [Commented] (SHIRO-658) Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch")

2019-01-17 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16745350#comment-16745350 ] Steinar Bang commented on SHIRO-658: I've created a PR with a workaround for the problem on openjdk-8

[jira] [Created] (SHIRO-658) Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch")

2019-01-17 Thread Steinar Bang (JIRA)
Steinar Bang created SHIRO-658: -- Summary: Problems building shiro on openjdk-8 on current debian stable (9.6 "stretch") Key: SHIRO-658 URL: https://issues.apache.org/jira/browse/SHIRO-658 Proj

Re: How to change or set the path of the jsessionid cookie?

2019-01-16 Thread Steinar Bang
> Jean-Baptiste Onofré : > AFAIK, it's not yet possible, but it makes sense to have something > configurable there. Ok, that means I'll have to resort to plan B, and it isn't pretty...:-) 1. Add another jersey endpoint 2. in that endpoint inject the jsessionid cookie 3. 302 to the

How to change or set the path of the jsessionid cookie?

2019-01-16 Thread Steinar Bang
I'm working on creating a shiro based login service for use with the nginx auth module (to provide forms based login for the entire nginx site). And I'm getting closer. Right now the problem is that the cookie is stored under the webcontext path (in my case "/authservice"). Is there a simple

Re: Failing to disable jsessionid redirect

2019-01-14 Thread Steinar Bang
> Brian Demers : > Hey Steinar! > Rewriting and redirecting are different features. > Seems like you were able to figure out how to disable rewriting, ` > sessionmanager.setSessionIdUrlRewritingEnabled(false)` > Redirecting is dependent on which filter you are using, for example the >

Re: [DISCUSS] - Shiro 2.x

2019-01-14 Thread Steinar Bang
> Brian Demers : > I gave this a quick try, I added this config to the root pom and rebuilt > master. There are still duplicate classes added to shiro-core (from at > least the "lang" module) > Any ideas? Firstly: the config I posted wasn't complete. What I posted was just the part

Failing to disable jsessionid redirect

2019-01-13 Thread Steinar Bang
Platform: debian 9.7 "stretch", amd64 openjdk8 8u181-b13-2~deb9u1 nginx-extras 1.10.3-1+deb9u2 karaf 4.1.7 shiro 1.3.1 I'm trying to use a web whiteboard webapp based on shiro running in karaf as the authentication check mechanism for the nginx auth module:

Re: [DISCUSS] - Shiro 2.x

2019-01-13 Thread Steinar Bang
> Brian Demers : > I’ve never been really happy with the “bundle” package type, mainly > due to lack of knowledge (I think). Can you describe what you are > thinking about for 2.0? Keep using the bundle plugin? Fix mixed > package names in jars? If you put this in the maven-bundle-plugin

[jira] [Comment Edited] (SHIRO-654) Multiple shiro OSGi bundles export the same packages

2018-11-25 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16698206#comment-16698206 ] Steinar Bang edited comment on SHIRO-654 at 11/25/18 3:42 PM: -- An alternate

[jira] [Commented] (SHIRO-654) Multiple shiro OSGi bundles export the same packages

2018-11-25 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16698206#comment-16698206 ] Steinar Bang commented on SHIRO-654: An alternate view of the duplicates, using "package:expor

[jira] [Updated] (SHIRO-654) Multiple shiro OSGi bundles export the same packages

2018-11-25 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steinar Bang updated SHIRO-654: --- Description: (i) _Note_: Discovered in bundles built from the current master of shiro, i.e. version

Re: Using shiro 1.4

2018-11-25 Thread Steinar Bang
> Francois Papon : > Hi, > There is a PR opened by Guillaume about Karaf 4.x upgrade and features > validation : > https://github.com/apache/shiro/pull/63 Great! I couldn't find anything addressing the split packages issue...? https://issues.apache.org/jira/browse/SHIRO-654

[jira] [Commented] (SHIRO-655) shiro-core has an undesirable runtime OSGi dependency to spring-beans

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697979#comment-16697979 ] Steinar Bang commented on SHIRO-655: Submitted pull request with a fix: https://github.com/apache

[jira] [Updated] (SHIRO-655) shiro-core has an undesirable runtime OSGi dependency to spring-beans

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steinar Bang updated SHIRO-655: --- Description: The manifest.mf of the shiro-core jar has a runtime dependency

[jira] [Updated] (SHIRO-655) shiro-core has an undesirable runtime OSGi dependency to spring-beans

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steinar Bang updated SHIRO-655: --- Description: The manifest.mf of the shiro-core jar has a runtime dependency

[jira] [Updated] (SHIRO-655) shiro-core has an undesirable runtime OSGi dependency to spring-beans

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steinar Bang updated SHIRO-655: --- Labels: OSGi osgi (was: ) > shiro-core has an undesirable runtime OSGi dependency to spring-be

[jira] [Created] (SHIRO-655) shiro-core has an undesirable runtime OSGi dependency to spring-beans

2018-11-24 Thread Steinar Bang (JIRA)
Steinar Bang created SHIRO-655: -- Summary: shiro-core has an undesirable runtime OSGi dependency to spring-beans Key: SHIRO-655 URL: https://issues.apache.org/jira/browse/SHIRO-655 Project: Shiro

[jira] [Commented] (SHIRO-654) Multiple shiro OSGi bundles export the same packages

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697902#comment-16697902 ] Steinar Bang commented on SHIRO-654: These duplicate packages may be the underlying issue

[jira] [Commented] (SHIRO-537) Class load issue in OSGI in ClassUtils

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697903#comment-16697903 ] Steinar Bang commented on SHIRO-537: I've reported the duplicate package exports as SHIRO-654 > Cl

[jira] [Created] (SHIRO-654) Multiple shiro OSGi bundles export the same packages

2018-11-24 Thread Steinar Bang (JIRA)
Steinar Bang created SHIRO-654: -- Summary: Multiple shiro OSGi bundles export the same packages Key: SHIRO-654 URL: https://issues.apache.org/jira/browse/SHIRO-654 Project: Shiro Issue Type: Bug

[jira] [Commented] (SHIRO-537) Class load issue in OSGI in ClassUtils

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697860#comment-16697860 ] Steinar Bang commented on SHIRO-537: I discovered that the package containing the missing class

[jira] [Commented] (SHIRO-537) Class load issue in OSGI in ClassUtils

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697774#comment-16697774 ] Steinar Bang commented on SHIRO-537: I tried to use the workaround mentioned in this bug

[jira] [Comment Edited] (SHIRO-537) Class load issue in OSGI in ClassUtils

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697763#comment-16697763 ] Steinar Bang edited comment on SHIRO-537 at 11/24/18 11:23 AM: --- I

[jira] [Commented] (SHIRO-537) Class load issue in OSGI in ClassUtils

2018-11-24 Thread Steinar Bang (JIRA)
[ https://issues.apache.org/jira/browse/SHIRO-537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16697763#comment-16697763 ] Steinar Bang commented on SHIRO-537: I encountered this issue when trying to move a use of shiro from

Re: Using shiro 1.4

2018-11-24 Thread Steinar Bang
>>>>> Steinar Bang : >>>>> Steinar Bang : >> It looks like shiro code uses reflection to load classes by name, and >> that can be a problem in an OSGi setting. See eg. this stack overflow >> answer >> https://stackoverflow.com/a/17940090 &

Re: Using shiro 1.4

2018-11-23 Thread Steinar Bang
> Francois Papon : > Hi Steinar, > There is a current thread in the Karaf team about making Shiro more OSGi > compliance and all contributions are welcome ;) How convenient! I was planning to start a thread in the karaf mailing list about this...:-)
