Thanks for your help. I now have it working with both Embedded Jetty and Standalone Application.
It has however created a couple more questions which I'm sure you can answer. 1) I have a single shiro.ini file for both implementations and my existing Standalone Application has the following setting in the .ini file. However this causes an exception for the Embedded Jetty version becuase I guess it wants to use the standard Web Context Session Timeout. How can I specify this in the .ini without causing the web version to throw an exception?? securityManager.sessionManager.globalSessionTimeout = 180000 2) I have an existing issue with the activeDirectoryRealm which is still occuring with the Jetty implementation. If I have the activeDirectoryRealm enabled in my .ini file the authentication against the user accounts specified in the file do not need a password, i.e. I can type in the username and enter no password and it authenticates fine (which is incorrect). If I comment out the activeDirectoryRealm it does require the passwords. I am obviously missing something?? The user accounts in the file aren't in the active directory domain. I don't know if this is an issue with our Active Directory Server or with Shiro. How can I tell? Have you seen this before?? My .ini file is below: # ======================= # Shiro INI configuration # ======================= [main] # Objects and their properties are defined here, # Such as the securityManager, Realms and anything # else needed to build the SecurityManager activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm activeDirectoryRealm.url = ldap://<ip address not shown>:389 #activeDirectoryRealm.systemUsername = uid=admin,ou=system #activeDirectoryRealm.systemPassword = secret #activeDirectoryRealm.searchBase = o=sevenSeas,ou=people synapseRealm = org.apache.shiro.realm.text.IniRealm synapseRealm.resourcePath = shiro.ini authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy securityManager.authenticator.authenticationStrategy = $authcStrategy #securityManager.sessionManager.globalSessionTimeout = 1800000 [users] # The 'users' section is for simple deployments # when you only need a small number of statically-defined # set of User accounts. testUser=password testUser1=password1 testUser2=password2 testUser3=password3 guest=guest matt=matt [roles] # The 'roles' section is for simple deployments # when you only need a small number of statically-defined # roles. [urls] # The 'urls' section is used for url-based security # in web applications. We'll discuss this section in the # Web documentation /** = authcBasic Thanks for the help Matt -- View this message in context: http://shiro-user.582556.n2.nabble.com/Integration-of-Shiro-with-Embedded-Jetty-tp7519712p7537097.html Sent from the Shiro User mailing list archive at Nabble.com.
