I use Shiro to replace WS-Security. Simply, I create my REST WS and put annotations like @RequiresAuthentication or @RequiresRole (don't forget to check on using aspects for annotation support) and then define in shiro.ini the paths and respective filters, like:
[urls] /rest/auth = ssl, rest /rest/admin = ssl, rest And that's it so far. /rest/auth authenticates and returns a cookie than it's sent on every other request. if you don't set it, for instance, when reaching /rest/admin which @RequiresAuthentication, you'll receive an 500 error. I'd like to have 401 or 403 but I'm not sure how to do it, yet. Cheers, PP On 09/06/12 09:22, ipas wrote: > Hi, How to use shiro to secure JAX-WS services? Is there any way to > integrate shiro with WS-Security or use instead of it? > > Thank you. > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/JAX-WS-services-and-shiro-tp7577486.html > Sent from the Shiro User mailing list archive at Nabble.com. -- Paulo Pires
