Shiro does not work inside the Apache Web server as it is a Java framework. There is no way Shiro can secure a static resource unless it is served from a Java-capable web server, like Tomcat or Jetty. The _only_ way this could work is if someone created an Apache HTTPD module in C or C++ that could communicate with a Shiro-enabled server to perform security checks.
However, I offer a different suggestion that will be more valuable I think: for static resources, use Tomcat with the Apache Portable Runtime (APR): http://tomcat.apache.org/tomcat-7.0-doc/apr.html Because Tomcat links to the APR, and the APR is the _same_ runtime that the Apache Web Server uses to serve static content, you will get the exact same performance. There is absolutely no reason to use Apache anymore to serve static content if you're already using Tomcat. The only reason to use Apache w/ Tomcat these days is for convenience - where Apache reverse-proxies one or more Tomcat or Jetty installations so it can offload SSL or consolidate HTTP endpoints on a single machine. But these are conveniences - there is no _need_ to offload static file serving anymore when using Tomcat + the APR. HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com On Sat, Oct 1, 2011 at 4:46 PM, JMalkan <[email protected]> wrote: > Hi, > > My app is currently configured for Authentication & Authorization with Shiro > and it works perfectly on AppServer Tomcat. > > We have thin server architecture. > Client is mostly JavaScripts and few HTML using JQuery and JMVC where MVC > pattern is implemented on the client side and async calls are made to > server. Server side is mostly REST Services serving clients. > > To improve performance and scaling, we have decided to move all static > resources like HTML/JavaScripts/Images... to Apache web server. > > I am trying to figure out the best way to apply Authentication & > Authorization. > > I am hoping some of you have done this and been there. So I would not have > to reinvent the wheel. > Any help here is appreciated. > > > > Jiggy. > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/How-to-configure-static-Resource-on-WebServer-for-Authentication-Authorization-tp6850961p6850961.html > Sent from the Shiro User mailing list archive at Nabble.com.
