On Fri, Mar 4, 2011 at 7:16 AM, Mark Engel <[email protected]> wrote: > Thanks for your response, Filipe. > > Unfortunately I did not get it to run. > Do you still use a ini file? If yes, what did you put inside of it? > Which class did you copy for ShiroAuthorizingMethodInterceptor? The > nearest I could find was > AopAllianceAnnotationsAuthorizingMethodInterceptor (which depends on > some spring libs, but seems to be generic enough) > > When I start the server with this configuration > (https://gist.github.com/6076864909ccb471b63a) I receive a > NullPointerException (https://gist.github.com/0357b9fca707d905b1d6) > > Can you define your own Realm via Guice with this method? > > Tamas: In this project the only reference to Guice is in the > GuiceServletConfig (and the web.xml) which is inherited from Guice. > Which code fragment do you mean?
We (including Tamas in the we) do not use the GuiceServletConfig, we use a the ini config shoved inside of our web.xml. Then we configure the component programmatically (and push in the injected bits). Its a pain, but it was a mostly smooth transition from jsecurity. Personally I want to get rid of the ini in our web.xml and replace the programmatic bits with IoC configured ones. For example we have a custom WebSecurityManager just so we can configure everything from the initialization methods. > > Mark > > On Thu, Mar 3, 2011 at 11:33 AM, Filipe Sousa <[email protected]> wrote: >> Hi, >> >> I needed to use the shiro in one application that already uses Guice >> and as such I have implemented a solution that is not perfect, but it >> works. >> >> I have a module called ShiroModule that intercepts the annotations. >> >> public class ShiroModule extends AbstractModule { >> @Override >> protected void configure() { >> ShiroAuthorizingMethodInterceptor interceptor = new >> ShiroAuthorizingMethodInterceptor(); >> bindInterceptor(any(), annotatedWith(RequiresRoles.class), >> interceptor); >> bindInterceptor(any(), >> annotatedWith(RequiresPermissions.class), interceptor); >> bindInterceptor(any(), >> annotatedWith(RequiresAuthentication.class), interceptor); >> bindInterceptor(any(), annotatedWith(RequiresUser.class), >> interceptor); >> bindInterceptor(any(), annotatedWith(RequiresGuest.class), >> interceptor); >> } >> } >> >> I believe I have copied the class ShiroAuthorizingMethodInterceptor >> from shiro spring and removed two lines of code (spring dependencies) >> >> I also created a subclass of IniShiroFilter to inject the items >> created from shiro.ini >> >> @Singleton >> public class ShiroSecurityFilter extends IniShiroFilter { >> private final Injector injector; >> >> @Inject >> protected ShiroSecurityFilter(Injector injector) { >> this.injector = injector; >> } >> >> @Override >> protected Map<String, ?> applySecurityManager(Ini ini) { >> Map<String, ?> beans = super.applySecurityManager(ini); >> for (Entry<String, ?> b : beans.entrySet()) >> injector.injectMembers(b.getValue()); >> return beans; >> } >> } >> >> And finally, in my ServletModule I 'm doing this: >> >> install(new ShiroModule()); >> filter("/*").through(ShiroSecurityFilter.class); >> >> This was the quickest solution I found without having to think too >> much, but it is not the solution I want in the future. I'd like to get >> rid of shiro.ini and use a solution based only on Guice. >> >> If anyone has better solutions, do please share them. >> >> >> On Thu, Mar 3, 2011 at 5:58 AM, Mark Engel <[email protected]> wrote: >>> Hello, >>> >>> i tried to use Apache Shiro with Google Guice in a Servlet, but the >>> Dependency Injection does not work. >>> When I try to access a function that is protected by shiro I get an >>> error about a wrong configuration >>> >>> org.apache.shiro.UnavailableSecurityManagerException: No >>> SecurityManager accessible to the calling code, either bound to the >>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This >>> is an invalid application configuration. >>> >>> I created an example project which uses Apache Shiro, Google Guice and >>> Jersey to bootstrap an example rest api which you can find on github >>> (https://github.com/mren/java-rest-boilerplate) >>> >>> Could you help me to get this application running with Shiro? >>> This project could be shown on the website as an example on how to use >>> Shiro with other IoC Containers thant Spring. >>> >>> What is the cleanest way to use Shiro with Guice? >>> >> >> >> >> -- >> Filipe Sousa >> >
