I am new to both Spring and Shiro, so please bear with me if I fail to word my problem correctly. I am developing a RESTful web service in Spring MVC and it is necessary to secure the system against unauthorised usage, and my project manager wants to use Shiro as the solution. At the moment our primary concern is just a basic authentication system when a user performs an action upon a resource. I have been through multiple examples of setting up Shiro and none of them seem to work for my implementation, and I was wondering if it would be possible to receive some guidance as to where I might be going wrong.
My current web.xml implementation:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>
                # The IniShiroFilter configuration is very powerful and flexible, while still remaining succinct.
                # Please read the org.apache.shiro.web.servlet.IniShiroFilter JavaDoc for information.

                # Quick Tip: Instead of having this configuration here in web.xml, you can instead
                # move all of this to a 'shiro.ini' file at the root of the classpath and remove
                # the 'config' init-param. Or you can specify the 'configPath' init-param and specify the
                # path to a resource at any location (url, file or classpath). This may be desired if the
                # config gets long and you want to keep web.xml clean.

                [users]
                # format: username = password, role1, role2, ..., roleN
                root = secret,admin
                guest = guest,guest
                presidentskroob = 12345,president,admin
                darkhelmet = ludicrousspeed,darklord,schwartz
                lonestarr = vespa,goodguy,schwartz

                [roles]
                # format: roleName = permission1, permission2, ..., permissionN
                admin = *
                schwartz = lightsaber:*
                goodguy = winnebago:drive:eagle5

                [urls]
                /ipf/** = authcBasic
            </param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>ServletAdaptor</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>ServletAdaptor</servlet-name>
        <url-pattern>/rest/*</url-pattern>
    </servlet-mapping>

    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
</web-app>

----------------------------------------------
And my application context, so you can get a better understanding of the service's general implementation:
-----------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context
                           http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/tx
                           http://www.springframework.org/schema/tx/spring-tx.xsd">

    <context:annotation-config />
    <tx:annotation-driven />

    <bean id="farmDAO" class="com.ipf.persistance.JpaFarmDAO" />
    <bean id="farmerDAO" class="com.ipf.persistance.JpaFarmerDAO" />
    <bean id="farmeradvisorDAO" class="com.ipf.persistance.JpaFarmerAdvisorDAO" />
    <bean id="timingDAO" class="com.ipf.persistance.JpaTimingDAO" />
    <bean id="varietyDAO" class="com.ipf.persistance.JpaVarietyDAO" />
    <bean id="cropDAO" class="com.ipf.persistance.JpaCropDAO" />
    <bean id="farmercropDAO" class="com.ipf.persistance.JpaFarmerCropDAO" />
    <bean id="zoneDAO" class="com.ipf.persistance.JpaZoneDAO" />

    <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
        <property name="entityManagerFactory" ref="entityManagerFactory"/>
        <property name="dataSource" ref="dataSource"/>
    </bean>

    <bean id="persistenceAnnotation"
          class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="${db.driverClass}" />
        <property name="url" value="${db.connectionURL}" />
        <property name="username" value="${db.username}" />
        <property name="password" value="${db.password}" />
    </bean>

    <bean id="entityManagerFactory"
          class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
        <property name="dataSource" ref="dataSource" />
        <property name="jpaVendorAdapter" ref="jpaVendorAdapter" />
    </bean>

    <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="database" value="POSTGRESQL" />
        <property name="showSql" value="true"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.PostgreSQLDialect" />
    </bean>
</beans>

-------------------------------------------------------
The problem I am currently facing is that the resources are still available no matter what configuration option I use. I should also mention I have tried the method of including the ini data in a file and setting up Shiro through beans; however, the result remained the same. There are no compilation errors to indicate a problem, but the login page I would expect is not available and resources are returned normally.
I am curious as to whether I am totally barking up the wrong tree or if I am relatively close in how I am trying to progress.

Thank you for your time! :)

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Setting-up-Shiro-to-work-with-spring-and-Jersey-Jackson-tp6948893p6948893.html
Sent from the Shiro User mailing list archive at Nabble.com.
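
One thing worth checking in the configuration above, shown as an added example (not part of the original post and not Shiro's own code): Shiro matches `[urls]` patterns against the path inside the web application, after the context path is removed, and the first matching rule wins. The sketch assumes the application is deployed under the context path `/ipf`, uses a simplified Ant-style matcher, and `/rest/farms` is a constructed request path.

```python
import fnmatch

def ant_match(pattern, path):
    """Simplified Ant-style matcher (an assumption, not Shiro's AntPathMatcher):
    '*' and '?' match inside one segment, '**' matches zero or more segments."""
    def walk(pats, segs):
        if not pats:
            return not segs
        if pats[0] == "**":
            # '**' may absorb zero or more whole path segments
            return any(walk(pats[1:], segs[i:]) for i in range(len(segs) + 1))
        if not segs:
            return False
        return fnmatch.fnmatchcase(segs[0], pats[0]) and walk(pats[1:], segs[1:])

    def split(value):
        return [part for part in value.split("/") if part]
    return walk(split(pattern), split(path))

def path_within_application(request_uri, context_path):
    """Strip the servlet context path; [urls] patterns are matched against the remainder."""
    if context_path and (request_uri == context_path
                         or request_uri.startswith(context_path + "/")):
        request_uri = request_uri[len(context_path):]
    return request_uri or "/"

def resolve_chain(request_uri, context_path, url_rules):
    """Return the filter chain of the first matching rule, or None when no rule
    matches and the request reaches the servlet without any Shiro filter."""
    path = path_within_application(request_uri, context_path)
    for pattern, chain in url_rules:
        if ant_match(pattern, path):
            return chain
    return None

CONTEXT_PATH = "/ipf"                          # assumed deployment context path
REQUEST_URI = "/ipf/rest/farms"                # constructed request to the Jersey servlet
POSTED_RULES = [("/ipf/**", "authcBasic")]     # [urls] section as posted
ALTERED_RULES = [("/rest/**", "authcBasic")]   # pattern relative to the context root

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("altered", ALTERED_RULES)):
        print(name, "->", resolve_chain(REQUEST_URI, CONTEXT_PATH, rules))
```

Under that assumption the posted rule never matches a request to the `/rest/*` servlet mapping, which would leave the resources reachable without a Basic authentication challenge.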
