I've been investigating Shiro for use in our web application, which is based on Dropwizard and Guice. While I have found a couple of Dropwizard/Guice integrations for Shiro on GitHub - and they're pretty simple and make sense for the most part - I haven't been able to get any security features to work in my web app. My biggest stumbling block so far has been simply not knowing the underlying framework.
Part of the problem is that Shiro supports several different configurations/environments - web, stand-alone, dropwizard, guice, shiro-aop, etc. - and it's not clear to the noob (myself) which parts must be configured in which environments. Just throwing stuff in until the right log messages and results appear seems counter-productive and a little unnerving when implementing application security...
May I suggest that a few well-placed diagrams in the documentation would be of great benefit to those of us trying to figure out the proper integration points? For instance, a few annotated action diagrams showing the flow of messages from Jetty/Tomcat/GlassFish interception through Jetty and Shiro filters, and finally to the responses returned, would be enormously helpful. Additionally, a master Shiro class hierarchy and object model diagram would be very useful. If master diagrams don't make sense, then a few such diagrams for the most used configurations. These would tell us what classes and objects interact with which other classes and objects at a glance.
I would make such diagrams myself and submit them for inclusion if I knew enough about the system, but I don't, so I wish someone who understands it all would pass on some of the hidden knowledge. :)
Thanks,
John Calcote
Sr. Software Engineer
Fusion-io, Inc.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/doc-suggestions-tp7580046.html
Sent from the Shiro User mailing list archive at Nabble.com.
