On 08/14/2011 07:20 PM, manitas wrote: > Great ! > > It would be nice to put this demo in a standard maven format and push it to > a code repository so that everyone can contribute. I've got the sample project added as a maven module (and working) but I want to resolve SHIRO-283 first. I also need to do a little bit of homework on the copyrights - I know that Ryan essentially ported the spring security tutorial, so I want to make sure we have everything properly attributed. > I'm ok to help, do you want me to do this ? > > S > By the way, I have looked at the shiro-guice code and I have questions about > technical choices. Could you please tell me : > - What are the reasons why ShiroModule is a PrivateModule ? The reason for this is to encourage good practices.
Application code that is outside of the ShiroModule should really be interacting with the SecurityManager. Note that if your case has special needs, you can always expose another binding. However, I thought it was important not to expose all of Shiro. > -Why ShiroWebModule doesn't extend ServletModule to take advantage of what > offers guice for web app ? I thought a good deal about this. The conclusion I reached was, in large part, based on the above statement about private modules. A module can't be both a servlet module and a private module. In addition, in order for ShiroWebModule to extend ServletModule, it would not be able to extend ShiroModule. On top of that, what does the ServletModule really give us in this case? Basically, its an easy way to define filters and servlets. Well, not only is that not something that really makes sense in the ShiroWebModule, but it could potentially confuse the issue with defining shiro filter chains, and introduce another set of errors. > it would solve the following issue > https://issues.apache.org/jira/browse/SHIRO-318 as we would be able to > inject ServletContext. I don't believe this is true. When I attempted to define a singleton in a ServletModule that injected ServletContext, I got the same deprecation warning. I am led to believe that guice-servlets does not intend to support any ServletContext injected into a singleton. > Thanks in advance for your help. > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Guice-shiro-jersey-tp6673315p6685940.html > Sent from the Shiro User mailing list archive at Nabble.com. Thanks, Jared
