Hi,
Sorry it took me a while to get back to you but we had 4 feet of snow last night and I had to dig out lol.

I think maybe I am going down the wrong path. I am using the Grails Shiro plugin, which appears to implement a DefaultWebSecurityManager, and that is the security manager I am picking up in the bootstrap execution within Grails. Now I don't think the bootstrap runs within a request, so I don't have a request and response available in the bootstrap class, just the servlet context. So no matter which type of subject I create I get an error. In order to create a WebSubject I need a request and response, which I do not have.

        Object userIdentity = "admin";
        String realmName = "localizedRealm";
        PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);
        Subject subject = new WebSubject.Builder(shiroSecurityManager, request, response).principals(principals).buildSubject();
        ThreadState threadState = new SubjectThreadState(subject);
        threadState.bind();

If I try to create a normal subject I get complaints from the security manager that there is no request.

        Object userIdentity = "admin";
        String realmName = "localizedRealm";
        PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);
        Subject subject = new Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();
        ThreadState threadState = new SubjectThreadState(subject);
        threadState.bind();

Is there a way to get a normal security manager from the Shiro plugin, or do I need to create my own security manager for this case, or can I actually get a request and response from the bootstrap class in Grails? I am a little over my head at the level of the frameworks I am at now.

Any ideas on what to explore next? I think this can be done I am just missing one critical part.


Scott Ryan
President/CTO
Soaring Eagle L.L.C.
[email protected]
(303) 263-3044
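
Added example, not part of the original messages and not code from the Shiro project or the Grails plugin: building a Subject for startup code against a plain (non-web) DefaultSecurityManager, then associating it with the thread both manually (bind, then clear in a finally block so the identity does not stay on a reused thread) and through Subject.execute. The class name, the seedData method, and the sample account, password and role are constructed for illustration, and using a separate security manager instead of the plugin's is an assumption.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadState;

public class StartupSubjectExample {

    public static void main(String[] args) {
        // Constructed sample realm and account (assumption, not from the thread).
        SimpleAccountRealm realm = new SimpleAccountRealm("localizedRealm");
        realm.addAccount("admin", "placeholder-password", "administrator");

        // Plain manager: its subject factory does not look for a ServletRequest.
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // The identity is asserted here, not authenticated, so keep this
        // pattern confined to trusted startup or system code.
        PrincipalCollection principals =
                new SimplePrincipalCollection("admin", "localizedRealm");
        Subject subject = new Subject.Builder(securityManager)
                .principals(principals)
                .buildSubject();

        // Manual association: bind, do the work, always clear afterwards.
        ThreadState threadState = new SubjectThreadState(subject);
        threadState.bind();
        try {
            seedData();
        } finally {
            threadState.clear();
        }

        // Automatic association: execute() binds and unbinds around the call.
        subject.execute(new Runnable() {
            public void run() {
                seedData();
            }
        });
    }

    // Hypothetical stand-in for the database inserts done at bootstrap.
    private static void seedData() {
        Subject current = SecurityUtils.getSubject();
        System.out.println("principal=" + current.getPrincipal()
                + " administrator=" + current.hasRole("administrator"));
    }
}
```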

On Oct 28, 2009, at 6:35 PM, Les Hazlewood wrote:

Hi Scott,

Good catch on the build() mistake.  I've updated the wiki.  I also
made some changes to break out the Thread Association sections into 3
approaches (not 2).  Please check it again (I _just_ finished these
changes like 2 minutes ago) and see if that helps.

Also, you caught an interesting scenario and I updated the wiki to
note this scenario - you're absolutely right that the standard
Subject.Builder can't be used during a web request.  Because the
Subject and Subject.Builder have no knowledge of web APIs to ensure a
clean separation of concerns, the WebSubject and WebSubject.Builder
exist for this reason.

They are located in the org.apache.shiro.web.subject package and are
used in the exact same way:

Subject subject = new WebSubject.Builder(...). ... .buildSubject();

Also, per the wiki documentation, just building the Subject instance
is not enough - it must be bound to the currently executing thread so
any SecurityUtils.getSubject() calls work properly.  The wiki page I
wrote covers all 3 approaches to show you how to do this.

I recommend that you use the "Automatic Association" approach - it is
the easiest to use.

Let me know how that goes!

Cheers,

Les

On Wed, Oct 28, 2009 at 7:54 PM, Scott Ryan <[email protected]> wrote:
Thank you for the information. I am close but still scratching my head on
what is wrong.

Note there is a line in the wiki help that reads

Subject subject = new Subject.Builder().principals(principals).build();

but should it not read

Subject subject = new Subject.Builder().principals(principals).buildSubject();


So here is what I have so far in my bootstrap.groovy

class BootStrap
{
    def shiroSecurityManager

    def init =
    { servletContext ->
        buildSubject()
    }

    // Declared on the class (as in the stack trace); a method cannot be declared inside a closure
    void buildSubject()
    {
        Object userIdentity = "admin";
        String realmName = "localizedRealm";
        PrincipalCollection principals = new SimplePrincipalCollection(userIdentity, realmName);
        Subject subject = new Subject.Builder(shiroSecurityManager).principals(principals).buildSubject();  // This is line 164
    }
}

I assume since I am in a servletContext it is a web request and therefore I
don't have to bind the subject to the Thread?

I am getting the following errors:

Caused by: java.lang.IllegalStateException: ServletRequest is not available! A ServletRequest must be present in either the Subject context map, on an existing WebSubject or via the thread context. This exception is probably indicative of an erroneous application configuration.
       at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getServletRequest(DefaultWebSubjectFactory.java:72)
       at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.getInetAddress(DefaultWebSubjectFactory.java:108)
       at org.apache.shiro.web.mgt.DefaultWebSubjectFactory.createSubject(DefaultWebSubjectFactory.java:118)
       at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
       at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:684)
       at BootStrap.buildSubject(BootStrap.groovy:164)
       at BootStrap$_closure1.doCall(BootStrap.groovy:108)


Is there something I am missing in the setup?

It looks like the following thread discusses this but it is unclear on the
solution

http://www.mail-archive.com/[email protected]/msg00172.html

It is too hard to locate any of the referenced classes as they seem to keep moving packages and there is no javadoc to help me find them. I can't even
find the SVN repo to look there.  I assume I am supposed to use
WebSubjectBuilder instead of the above but not sure how. What package is
WebSubjectBuilder in currently?

The next step is to insert data into the database using the subject that
was created.



Scott Ryan
President/CTO
Soaring Eagle L.L.C.
[email protected]
(303) 263-3044

On Oct 28, 2009, at 4:04 PM, Les Hazlewood wrote:

Hi Scott,

Yep, this is a new feature available in Shiro 1.0.  In an effort to
create good documentation (and so I don't get lazy and rely on
archived mailing lists as documentation - yuck!), I've documented this
extensively here:

http://cwiki.apache.org/confluence/display/SHIRO/Subject

Please feel free to offer suggestions or ask questions.

Cheers,

Les

On Wed, Oct 28, 2009 at 2:48 PM, Peter Ledbrook <[email protected] >
wrote:

Here is the thread I am referring to


http://www.nabble.com/BootStrapping-a-class-that-requires-a-Session-for-beforeInsert-to-work-td25788207.html

It's javadoced well, but the docs aren't online yet as far as I can
tell. If you can read native javadoc format:


 
http://svn.apache.org/repos/asf/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/subject/Subject.java

Otherwise, I'll leave it to Les to answer this one (I've never used
Subject.Builder).

Cheers,

Peter

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

  http://xircles.codehaus.org/manage_email



