Guess I wasn't fast enough. That looks correct to me. That would be
equivalent to the following in shiro.ini:
/pathtorestserver/** = noSessionCreation,authcBasic,rest[permission]
-Jared
On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote:
> I think I figured it out.
>
> addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION,
> AUTHC_BASIC, config(REST, "permission"));
>
> I just happened to be looking for that.
>
> Thanks,
>
> Warren Bell
>
> On 5/8/12 12:03 PM, Les Hazlewood wrote:
>> I'm not a Guice user, so I can't answer that question - maybe Jared could
>> help here (author of the Guice support).
>>
>> There is a com.google.inject.Key available for its class however as
>> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do with that
>> though - but hopefully it gives you some ideas.
>>
>> Cheers,
>>
>> --
>> Les Hazlewood
>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>> 888.391.5282
>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>> blog: http://leshazlewood.com
>> stormpath blog:
>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>
>>
>> On Tue, May 8, 2012 at 11:56 AM, Warren Bell <[email protected]> wrote:
>>
>>> How would the url /rest/** = noSessionCreation,authcBasic look in the
>>> ShiroWebModule ?
>>>
>>> Thanks,
>>>
>>> Warren Bell
>>>
>>> On 5/8/12 11:42 AM, Les Hazlewood wrote:
>>>> Hi Will,
>>>>
>>>> I assume when you say 'auth' you mean AuthC, aka Authentication and not
>>>> AuthZ, Authorization. If so, there isn't any current docs on it, but it
>>> is
>>>> super simple. Here is how you do it in shiro.ini (for example, assuming
>>>> /rest/** endpoints are stateless):
>>>>
>>>>
>>>> [urls]
>>>> /rest/** = noSessionCreation,authcBasic
>>>>
>>>> The 'noSessionCreation' filter ensures that Shiro (or anyone else further
>>>> down the filter chain) won't create a new Http Session, enforcing
>>>> statelessness. The authcBasic is a typical HTTP Basic Authentication
>>>> filter that calls subject.login.
>>>>
>>>> HTH,
>>>>
>>>> --
>>>> Les Hazlewood
>>>> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> |
>>>> 888.391.5282
>>>> twitter: @lhazlewood | http://twitter.com/lhazlewood
>>>> blog: http://leshazlewood.com
>>>> stormpath blog:
>>>> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index>
>>>>
>>>>
>>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent <[email protected]>
>>> wrote:
>>>>
>>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1.
>>>>>
>>>>> Is there an example for how to use stateless auth in the shiro docs? I
>>>>> was never quite sure about that.
>>>>>
>>>>> Will.
>>>>>
>>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker <[email protected]
>>>> wrote:
>>>>>
>>>>>> Hi All -
>>>>>>
>>>>>> There has been a lot of good Shiro action on GitHub recently, including
>>>>>> some worthy, in-progress projects that could use some extra hands
>>> (marked
>>>>>> below with **).
>>>>>>
>>>>>> In case you want to jump in, I posted a roundup on the Stormpath blog:
>>>>>> http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects
>>>>>>
>>>>>> Included:
>>>>>> -- Grails Integration
>>>>>> -- Play/Shiro Integration**
>>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from Bubba**
>>>>>> -- Shiro on Google App Engine
>>>>>> -- OAuth for Shiro
>>>>>> -- Lift Integration for Apache Shiro
>>>>>> -- 55 Minutes Wicket
>>>>>>
>>>>>> Please let me know if I missed any!
>>>>>> Claire
>>>>>>
>>>>>> --
>>>>>> Claire Hunsaker
>>>>>> VP Community and Marketing, Stormpath
>>>>>> [email protected]
>>>>>> www.stormpath.com
>>>>>> Follow us: @goStormpath
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
