I think I figured it out.
addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
AUTHC_BASIC, config(REST, "permission"));
I just happened to be looking for that.
Thanks,
Warren Bell
On 5/8/12 12:03 PM, Les Hazlewood wrote:
> I'm not a Guice user, so I can't answer that question - maybe Jared could
> help here (author of the Guice support).
>
> There is a com.google.inject.Key available for its class however as
> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with that
> though - but hopefully it gives you some ideas.
>
> Cheers,
>
> --
> Les Hazlewood
> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
> 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> blog: http://leshazlewood.com
> stormpath blog:
> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>
>
> On Tue, May 8, 2012 at 11:56 AM, Warren Bell <[email protected]> wrote:
>
>> How would the url /rest/** = noSessionCreation,authcBasic look in the
>> ShiroWebModule ?
>>
>> Thanks,
>>
>> Warren Bell
>>
>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
>>> Hi Will,
>>>
>>> I assume when you say 'auth' you mean AuthC, aka Authentication and not
>>> AuthZ, Authorization. If so, there isn't any current docs on it, but it
>> is
>>> super simple. Here is how you do it in shiro.ini (for example, assuming
>>> /rest/** endpoints are stateless):
>>>
>>>
>>> [urls]
>>> /rest/** = noSessionCreation,authcBasic
>>>
>>> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
>>> down the filter chain) won't create a new Http Session, enforcing
>>> statelessness. The authcBasic is a typical HTTP Basic Authentication
>>> filter that calls subject.login.
>>>
>>> HTH,
>>>
>>> --
>>> Les Hazlewood
>>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>>> 888.391.5282
>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>> blog: http://leshazlewood.com
>>> stormpath blog:
>>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>>
>>>
>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <[email protected]>
>> wrote:
>>>
>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>>>
>>>> Is there an example for how to use stateless auth in the shiro docs? I
>>>> was never quite sure about that.
>>>>
>>>> Will.
>>>>
>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <[email protected]
>>> wrote:
>>>>
>>>>> Hi All -
>>>>>
>>>>> There has been a lot of good Shiro action on GitHub recently, including
>>>>> some worthy, in-progress projects that could use some extra hands
>> (marked
>>>>> below with **).
>>>>>
>>>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>>>
>>>>> Included:
>>>>> -- Grails Integration
>>>>> -- Play/Shiro Integration**
>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>>>> -- Shiro on Google App Engine
>>>>> -- OAuth for Shiro
>>>>> -- Lift Integration for Apache Shiro
>>>>> -- 55 Minutes Wicket
>>>>>
>>>>> Please let me know if I missed any!
>>>>> Claire
>>>>>
>>>>> --
>>>>> Claire Hunsaker
>>>>> VP Community and Marketing, Stormpath
>>>>> [email protected]
>>>>> www.stormpath.com
>>>>> Follow us: @goStormpath
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
