I am new to javaee development. I am trying to build a javaee application in which rest services residing on Glassfish4 will be invoked by mobile clients. I came across apache shiro framework on the web for authentication and authorization. I would like to secure the services using shiro. For the time being I am trying to configure basic authentication with some hard coded users to gain confidence. My final goal is to move the user store to a database.
Following the apache shiro tutorial I configured my web.xml and shiro.ini. 1) But somehow the rest services are still open and I can invoke them without any password. is shiro.ini not getting loaded properly in my application ? 2) In future I will have multiple rest services from multiple applications, so I will need to configure shiro for all of them too ? Is there no way to handle authentication, authorization of multiple webapp using single shiro config ? 3) If you have a similar working sample please point me to that. Project location URL : https://github.com/debashisgho/MyApp/ <https://github.com/debashisgho/MyApp/> I can get the resource data without using any user/pwd http://localhost:8080/MyApp/rest/MyResource <http://localhost:8080/MyApp/rest/MyResource> I am sure that I have not configured it properly. Need help to find out what is missing. -- View this message in context: http://shiro-user.582556.n2.nabble.com/rest-glassfish4-shiro-enabled-working-sample-tp7580135.html Sent from the Shiro User mailing list archive at Nabble.com.
