Here's my late +1
Thanks Hervé for checking reproducible builds!
On Fri, 23 Feb 2024 at 09:35, Francois Papon wrote:
>
> +1 (binding)
>
> Thanks Lenny for this major release!
>
> Regards,
>
> François
>
> On 20/02/2024 23:35, le...@flowlogix.com wrote:
>
> This is a call to vote in
+1
Still asking for help with the docs, though.
On Fri, 9 Feb 2024 at 15:39, Brian Demers wrote:
>
> +1
>
> On Thu, Feb 8, 2024 at 1:59 AM Francois Papon
> wrote:
>>
>> +1
>>
>> On 07/02/2024 01:55, le...@flowlogix.com wrote:
>>
>> Proposal: Release Shiro 2.x Beta
>> Since docs are
+1
On Tue, 7 Nov 2023, 23:56 , wrote:
> This is a call to vote in favor of releasing Apache Shiro version
> 2.0.0-alpha-4
>
> Maven Staging repo:
> https://repository.apache.org/content/repositories/orgapacheshiro-1057
>
>
Hi Jakub,
they should not be accessible from anywhere. It possibly slipped
through reviews.
The new hash dependencies are thought to be runtime dependencies. You
should never ever need them in your classpath while compiling, only
while testing and running the actual application.
Does that help?
+1 (binding)
> On Tue, Jul 11, 2023 at 3:57 PM fpapon wrote:
> >
> > This is a call to vote in favor of releasing Apache Shiro version 1.12.0.
> >
> > We solved 1 Issue:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310950=12353403
> >
> > Maven Staging repo:
> >
+1
On Fri, 20 Jan 2023 at 13:14, Steve Lopez wrote:
>
> +1
>
> On Fri, Jan 20, 2023 at 5:35 AM fpapon wrote:
>>
>> Hi,
>>
>> After several discussions on the mailing list, I would like to start a vote to
>> set the minimum version of the JDK to version 11 starting with Shiro 2.x.
>>
>> Vote
Hi,
my +1 for this proposal. Breaking changes (new Java baseline) require
a new version.
Romain pointed out that MRJars, as Les suggested, have undefined
behaviour in web apps. We also found only a few use cases in most apps.
Let's keep them in mind for when we *really* need them, shall we?
For
The Shiro team is pleased to announce the release of Apache Shiro
version 1.10.1.
This security release contains 5 fixes since the 1.10.0 release and is
available for Download now [1].
Bug
[SHIRO-892] - No Guice binding for newly introduced ShiroFilterConfiguration
[SHIRO-893] - NPE caused by
Hi Alex!
You are right. We skipped it for this release because it was not finished.
We hope to be able to deliver it in the next release.
We'll keep you posted via new blog posts.
- Ben
On Mon, 24 Oct 2022, 12:53 Alex Orlov via user,
wrote:
> Hello!
>
> According to
Hi Telmo!
Sorry for the late reply.
> How can I, after creating a Shiro Subject, add roles to it?
and
> it would be better to use something like an AuthorizingRealm
You are right: It is usually the realms which add roles to a subject.
And actually, the roles are not bound to on login-time.
>>> gzip.setIncludedMimeTypes("text/html", "text/plain", "application/json");
>>>
>>> RequestHandler requestHandler = new RequestHandler(this.gson, this.tractDB);
>>>
>>> context.insertHandler(requestHandler);
>>> co
Hi!
I think you need to init an environment and make it available
throughout all of the requests.
Look at this section:
https://shiro.apache.org/web.html#shiro_1_2_and_later
Especially the part "what it does": "(... including the
SecurityManager) and makes it accessible in the ServletContext.
Signature okay, hashes okay, Release notes are okay, the classes I
looked at are okay as well.
+1
On Wed, 16 Mar 2022 at 13:55, Francois Papon wrote:
>
> This is a call to vote in favor of releasing Apache Shiro version 1.9.0.
>
> We solved 20 issues for 1.9.0:
>
>
there are no strong requirements with a particular
> hash, but it's required to have any mechanism to verify source artifacts.
> So, as it's an easy fix, I agree that it would be better to cancel this vote
> to include sha512 hash on source artifacts.
>
> Regards
> JB
>
> On Wed,
Hi Dinakar!
So far we only changed the artifacts
(https://issues.apache.org/jira/browse/SHIRO-750) but kept the
javax-namespace. The jakarta-namespace will be introduced with a later
jakarta version (I think EE 9, if I am not mistaken).
When this happens, the best solution is to use an
., 6 Nov 2021 at 10:39, Roberto Bottoni wrote:
>
> Hi Ben,
>
> yes!.. the case is : ...or did you lose a password and need to recover
> it?
> How can I do that?
>
> Roberto
>
>
>
>
> On 05-11-2021 21:41, Benjamin Marwell wrote:
> > Hi Robert
Hi Robert,
Why do you think you need the plain text password?
Shiro matches the password supplied by subsequent authentication
attempts by going through the Sha256Hash algorithm again and comparing
the hashed outputs.
This way, you can safely[1] store the hash and salt without giving
away a
che/shiro-labs` git repo to test out
> ideas for things that are NOT ready for the main tree. (Maven does
> something similar with https://github.com/apache/maven-studies/)
>
> On Sun, Aug 1, 2021 at 4:00 PM Benjamin Marwell wrote:
>
> > Hi everyone,
> >
> > we had
Hi everyone,
we had a discussion in slack, that later versions of shiro might want
to concentrate on CDI-ish/jndi based usages. Not that this would be a
target for 2.0, but SHIRO-206 [1] wants to add JSF support.
Unless someone wants to maintain it actively in the project, I would
vote to remove
Hi Alex!
We do not have a release date. We are still in the brainstorming process.
A lot of ideas do not yet have any PRs.
We might need to do some additional relocation of packages for 2.0 + JPMS.
We haven't looked too much into this, but I think we could provide
"Automatic-Module-Name" entries
Hi Alina,
thanks for your report. Can you modify your test environment in such a
way that you can find the exact version where it happens for the first
time?
1.2.3 to 1.7.0 is quite a big leap.
Some random things which we modified and categorize as a breaking change:
Default ciphers were changed
Hi Schlool,
authenticating (enabling log-in) and authorizing (getting
roles/permissions) are two different things.
This means, you implemented an AuthenticatingRealm, which will enable
your users to log-in.
Now you need to implement an AuthorizingRealm, which queries the
source for their roles,
Hello Schlool,
in that case you would still be able to write your own Authenticator.
Just define as many Realms as you wish and then write your own
Authenticator which selects the Realm based on the name.
As a template you could use the ModularRealmAuthenticator[1].
Instead of iterating through
The Shiro team is pleased to announce the release of Apache Shiro version 1.7.1.
This security release contains 1 fix since the 1.7.0 release and is
available for Download now [1].
Bug
[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version
2.0.7 dependency error
CVE-2020-17523:
Loading from an external classpath environment variable might be the
problem and not supported anymore. Have you tried putting the shiro jars
into the .war (which is inside the ear file) instead?
I have little knowledge about weblogic, but I know from other application
servers they will
It depends.
I use jwt tokens. No chance here to invalidate them, but they get
invalidated pretty quickly anyway.
But you can use any *distributed* session storage you like: a DBMS, a
memory grid like hazelcast, or create your own local storage and sync them
via jGroups, or even EJBs. It doesn't
Correct.
To complete the picture:
https://shiro.apache.org/terminology.html
Also, the PrincipalCollection knows which realms the user is known in. This
is why most methods return such a collection, not a single Principal.
Most apps only have one realm, but they could have multiple realms. E.g.
Yes exactly. You should replace "no authentication" with "hidden
authentication".
For example:
You can use a second realm for this which knows the public part of the
certificate. The client could be configured to automatically pass the
corresponding private certificate.
On Fri, 15 May 2020 at
0, "Francois Papon" <
>> francois.pa...@openobject.fr> wrote:
>>
>> I am using Shiro with a Jdk11 and I never had issues.
>>>
>>> We also have a Jenkins job for the build with JDK11 but the target build
>>> for the source code still Jav
I never had issues with it, but there is no module descriptor yet. Thus, it
depends on what you mean by "support java9".
On Mon, 4 May 2020, 04:40 sreenivas harshith,
wrote:
> Hi all,
>
> Does shiro support java 9 and above ?
>
> Regards,
> Sreenivas.
>
>
>
> On Sun, May 3, 2020 at 4:27 PM
It is a known issue that these classes do not extend AbstractLdapRealm.
However, you could extend the DefaultLdapRealm and implement
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals);
the way you need it.
On Thu, 9 Apr 2020, 22:43 mrprib, wrote:
> Is it
Agreed, no oauth server - I was just talking about validating bearer tokens
anyway. Didn't mention this, though. Sorry.
On Mon, 6 Apr 2020 at 16:40, Brian Demers <
brian.dem...@gmail.com> wrote:
> Personally I don't think Shiro should implement an Authorization Server,
> I think there is
set of
> attributes?
>
> ```
> Subject.getAttribute("givenName") == "Brian"
> ```
>
> (something similar could be used when building a set of roles:
>
> ```
> principalCollection.get("groups")
> ```
>
> Thoughts?
>
>
> O
I want to throw in JSON web tokens (JWT).
It is a mess to work with them right now.
JWT can also be very complicated. They can only hold Authentication data,
or they can hold roles, or even permission (if it is not getting too long).
I settled to create another realm. If the JWT contains
https://issues.apache.org/jira/browse/SHIRO-752
On Wed, 1 Apr 2020 at 12:37, Modanese, Riccardo wrote:
>
> I’m not too familiar with Shiro code but I tried to implement the changes in
> a draft [1].
> I’m not too confident about the changes I did in the visibility of a few
> methods and
just one call per realm. On the other hand, if
>> there are few realms, as you said, the risk is to execute checks also if the
>> result is already determined.
>>
>> Then, assuming to have one realm, do you think our solution could be right?
>>
I think you "just" changed the loop:
The current ModularRealmAuthorizer checks:
    boolean permission[]
    For every permission
        for every realm
            permission[i] = isPermitted
But your loop does:
    boolean permission[]
    For every realm
        for every permission
            permission[i] = isPermitted