No reason really - I think it was an oversight. I think we should probably add it to DefaultFilter.
-- Les Hazlewood CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> On Wed, May 9, 2012 at 9:16 AM, Jared Bunting <[email protected]>wrote: > I have no objections to that. > > My policy for the keys in ShiroWebModule was to duplicate exactly the > enum values in DefaultFilter. (This is enforced by DefaultFiltersTest.) > > So, I'm curious if there's a reason that PassThruAuthenticationFilter > wasn't added as a default filter originally? > > -Jared > > On Wed 09 May 2012 03:39:50 AM CDT, Alex opn wrote: > > > > It's a bit offtopic, sorry for that but I think it's not worth an own > > thread. I'm also using shiro with guice and realized that there's no > > built in Key for PassThruAuthenticationFilter.class. It's no big deal > > to add this in the extending shiro guice module but anyway it would be > > nice to have all Keys ready to use for the standard shiro filters > > available. > > > > On Tue, May 8, 2012 at 11:47 PM, Jared Bunting > > <[email protected] <mailto:[email protected]>> > wrote: > > > > Guess I wasn't fast enough. That looks correct to me. That would be > > equivalent to the following in shiro.ini: > > > > /pathtorestserver/** = noSessionCreation,authcBasic,rest[permission] > > > > -Jared > > > > On Tue 08 May 2012 02:07:19 PM CDT, Warren Bell wrote: > > > I think I figured it out. > > > > > > addFilterChain("/pathtorestservice/**", NO_SESSION_CREATION, > > > AUTHC_BASIC, config(REST, "permission")); > > > > > > I just happened to be looking for that. > > > > > > Thanks, > > > > > > Warren Bell > > > > > > On 5/8/12 12:03 PM, Les Hazlewood wrote: > > >> I'm not a Guice user, so I can't answer that question - maybe > > Jared could > > >> help here (author of the Guice support). > > >> > > >> There is a com.google.inject.Key available for its class however as > > >> ShiroWebModule.NO_SESSION_CREATION. I wouldn't know what to do > > with that > > >> though - but hopefully it gives you some ideas. > > >> > > >> Cheers, > > >> > > >> -- > > >> Les Hazlewood > > >> CTO, Stormpath | http://stormpath.com <http://www.stormpath.com/> | > > >> 888.391.5282 > > >> twitter: @lhazlewood | http://twitter.com/lhazlewood > > >> blog: http://leshazlewood.com > > >> stormpath blog: > > >> http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> > > >> > > >> > > >> On Tue, May 8, 2012 at 11:56 AM, Warren Bell > > <[email protected] <mailto:[email protected]>> wrote: > > >> > > >>> How would the url /rest/** = noSessionCreation,authcBasic look > > in the > > >>> ShiroWebModule ? > > >>> > > >>> Thanks, > > >>> > > >>> Warren Bell > > >>> > > >>> On 5/8/12 11:42 AM, Les Hazlewood wrote: > > >>>> Hi Will, > > >>>> > > >>>> I assume when you say 'auth' you mean AuthC, aka > > Authentication and not > > >>>> AuthZ, Authorization. If so, there isn't any current docs on > > it, but it > > >>> is > > >>>> super simple. Here is how you do it in shiro.ini (for > > example, assuming > > >>>> /rest/** endpoints are stateless): > > >>>> > > >>>> > > >>>> [urls] > > >>>> /rest/** = noSessionCreation,authcBasic > > >>>> > > >>>> The 'noSessionCreation' filter ensures that Shiro (or anyone > > else further > > >>>> down the filter chain) won't create a new Http Session, enforcing > > >>>> statelessness. The authcBasic is a typical HTTP Basic > > Authentication > > >>>> filter that calls subject.login. > > >>>> > > >>>> HTH, > > >>>> > > >>>> -- > > >>>> Les Hazlewood > > >>>> CTO, Stormpath | http://stormpath.com > > <http://www.stormpath.com/> | > > >>>> 888.391.5282 > > >>>> twitter: @lhazlewood | http://twitter.com/lhazlewood > > >>>> blog: http://leshazlewood.com > > >>>> stormpath blog: > > >>>> > > http://www.stormpath.com/blog<http://www.stormpath.com/blog/index> > > >>>> > > >>>> > > >>>> On Tue, May 8, 2012 at 2:23 AM, Will Sargent > > <[email protected] <mailto:[email protected]>> > > >>> wrote: > > >>>> > > >>>>> I've updated the play-shiro project to use 1.2.0 and Play 2.0.1. > > >>>>> > > >>>>> Is there an example for how to use stateless auth in the > > shiro docs? I > > >>>>> was never quite sure about that. > > >>>>> > > >>>>> Will. > > >>>>> > > >>>>> On Wed, May 2, 2012 at 6:35 PM, Claire Hunsaker > > <[email protected] <mailto:[email protected]> > > >>>> wrote: > > >>>>> > > >>>>>> Hi All - > > >>>>>> > > >>>>>> There has been a lot of good Shiro action on GitHub > > recently, including > > >>>>>> some worthy, in-progress projects that could use some extra > > hands > > >>> (marked > > >>>>>> below with **). > > >>>>>> > > >>>>>> In case you want to jump in, I posted a roundup on the > > Stormpath blog: > > >>>>>> > > http://www.stormpath.com/blog/github-roundup-new-apache-shiro-projects > > >>>>>> > > >>>>>> Included: > > >>>>>> -- Grails Integration > > >>>>>> -- Play/Shiro Integration** > > >>>>>> -- Spring MVC + Shiro + myBatis + JSR-303 Validation from > > Bubba** > > >>>>>> -- Shiro on Google App Engine > > >>>>>> -- OAuth for Shiro > > >>>>>> -- Lift Integration for Apache Shiro > > >>>>>> -- 55 Minutes Wicket > > >>>>>> > > >>>>>> Please let me know if I missed any! > > >>>>>> Claire > > >>>>>> > > >>>>>> -- > > >>>>>> Claire Hunsaker > > >>>>>> VP Community and Marketing, Stormpath > > >>>>>> [email protected] <mailto:[email protected]> > > >>>>>> www.stormpath.com <http://www.stormpath.com> > > >>>>>> Follow us: @goStormpath > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>> > > >>>> > > >>> > > >> > > > > > > > > >
