Can something be done to make Shiro support either Spring 2.5.6 or Spring
3.0 more seamlessly? I recently upgraded from 2.5.6 to 3.0 and found that
Shiro was including spring 2.5.6 as a dependency. I had to manually exclude
it in my pom.
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>${shiro.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring</artifactId>
</exclusion>
</exclusions>
</dependency>
The good news is that this doesn't seem to have caused any problems for my
application. I saw another project that manages to support both versions in
their pom, but can't remember which project it was or how they did it. I'll
try to find it if it would help.
Of course I'm open to suggestions if there is a better way to deal with
this.
Thanks,
Tauren
On Fri, Jan 22, 2010 at 5:59 PM, Jason <[email protected]> wrote:
> ah, the question wasnt how to check, but how to configure.
> I mean how do u abandon the shiro.ini roles & permissions mechanism for
> TextConfigurationRealm etc and model it in spring instead.
> I thought in a previous post you mentioned this should be done.
>
> re the useage though I'm really keen for an aop solution, and an xml
> element something like this:
> <shiro:requires permissions="user:edit"/>
> that I could just drop into any spring bean would be great. far better for
> me than annotations.
>
> Cheers
> Jason.
>
>
>
> Les Hazlewood wrote:
>
>> Hi Jason,
>>
>> What do you mean by 'configure permissions' exactly? Typically
>> permission checks in standalone applications are done by explicitly
>> checking (subject.isPermitted(blah)) or using Shiro's
>> @RequiresPermissions annotation.
>>
>> Regards,
>>
>> Les
>>
>> On Thu, Jan 21, 2010 at 8:13 PM, Jason Eacott <[email protected]>
>> wrote:
>>
>>> thanks!
>>> now how do I configure permissions etc in spring for a standalone app?
>>>
>>>
>>> Les Hazlewood wrote:
>>>
>>>> The upcoming Shiro 1.0 release will have improved Spring application
>>>> support, especially for Spring web applications.
>>>>
>>>> In Shiro-enabled Spring web apps today, there was often a hybrid
>>>> configuration - you would usually define an INI-based Shiro Filter in
>>>> web.xml and configure it via INI mechanisms. But often you would
>>>> configure the SecurityManager and its dependencies (Realms, etc) in
>>>> applicationContext.xml. In Shiro 1.0, you will be able to configure
>>>> all of Shiro in your Spring files and only touch web.xml only when
>>>> setting up Shiro for the first time.
>>>>
>>>> There are many benefits for Spring users when configuring Shiro
>>>> entirely in Spring instead of in web.xml:
>>>>
>>>> 1) Shiro configuration can live along side where you configure the
>>>> rest of your application - no need to flip back between web.xml and
>>>> spring files when making configuration changes.
>>>> 2) Shiro configuration can leverage Spring-specific configuration
>>>> benefits, such as PropertyPlaceholderConfigurer for properties based
>>>> configuration at startup, spring-managed lifecycles (init-method,
>>>> destroy-method), circular dependency checks, and more.
>>>> 3) Custom javax.servlet.Filters that you could use in Shiro's powerful
>>>> url-pattern-based filter chain definitions can also be defined in
>>>> Spring and acquired automatically at startup.
>>>>
>>>> The current documentation for all of this is located here:
>>>>
>>>> http://cwiki.apache.org/confluence/display/SHIRO/Spring
>>>>
>>>> Please feel free to review and offer suggestions/improvements. The
>>>> mechanisms documented (using Spring's DelegatingFilterProxy and the
>>>> new ShiroFilterFactoryBean) have been tested and the two spring web
>>>> sample applications have been updated to use this approach.
>>>>
>>>> Early adopters are encouraged to use this newer support before 1.0 is
>>>> released as there probably won't be any significant changes to this
>>>> mechanism before then. (SecurityManager configuration might be
>>>> simplified via a Spring FactoryBean as well, but that won't affect web
>>>> configuration).
>>>>
>>>> Please give it a try and let us know what you think!
>>>>
>>>> Best,
>>>>
>>>> Les
>>>>
>>>>
>>
