Hi Chris,
In a web app, SecurityUtils.getSecurityManager() will return the Web
SecurityManager during the Filter's execution and revert to any
previously accessible SecurityManager when the filter is done.
The key is to ensure that the web-specific SecurityManager you
configure (e.g. via the INI that you showed) is available in the
ShiroFilter (i.e. the getSecurityManager() method returns your
INI-configured instance). The Filter will do the necessary logic to
ensure that the web SecurityManager instance is used for any request
that flows through the Filter chain.
Finally, you don't need to instantiate the DefaultWebSecurityManager -
that is done automatically by the 1.1 IniShiroFilter. Assuming you're
programmatically instantiating that Filter, you can do this:
final Ini ini = //populate here, as you've shown.
IniShiroFilter filter = new IniShiroFilter() {
protected Ini loadIniFromConfig() {
return ini;
}
}
Then initialize the filter instance:
filter.init(filterConfig);
That's it - you're done. Plug in the filter instance to Jetty however
you plan on doing that today.
HTH!
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
