I have an application with security manager with a couple of custom
AuthorizingRealm implementations which I am trying desperately to reuse
in my embedded Jetty web application. I have wired up a login auth app
with no problem and it calls a class I specify in my inline shiro .ini
section of web.xml.
Even in my realms I specified I tried to use
SecurityUtils.getSecurityMagager and pass on auth information to the
pre-existing realm but this code returns a completely different security
manager (a DefaultWebSecurityManger class) where as calling that code in
the rest of my application, returns a DefaultSecurityManager, so Shiro
has automatically created 2 security managers, one for my Jetty apps and
one for my in memory?
I cannot figure out how to bridge this gap, allowing the already
existing AuthorizingRealms i've written for the rest of my (non web
app) to my embedded Jetty web applications or even better have one
security manager and realms for my server application and it's embedded
Jetty server. It seems like this would be a common usage scenario and
should be easily supported by Shiro.
Les has greatly helped me to get my web application secured using my own
specified realm classes for form based auth checks using web.xml/inline
.ini, going to a dummy auth realm class I wrote just to sure it is
being called,
and that is working fine.
I just need figure out how to bridge the gap now to reuse my already in
memory AuthorizingRealm implementations from my main (non-web) server
application and I am stuck
Has anyone successfully done this or something close? I have seen
plenty of shared session threads, but that comes later, for now I am
simply trying to share AuthorizingRealms between my
DefaultSecurityManager for my main app and my DefaultWebSecurityManager
that gets crated for my embedded Jetty application.
Thanks very much...
Chris
