The REST filter is only a little different form the typical web filter http://shiro.apache.org/web.html#Web-EnablingandDisablingFilters
Make sure you have your servlet filter configured, for your paths https://github.com/apache/shiro/blob/trunk/samples/web/src/main/webapp/WEB-INF/web.xml#L29-L37 You should also be able to use that project as an example. On Wed, Aug 6, 2014 at 10:52 AM, Debashis Ghosh <[email protected]> wrote: > I am new to javaee development. I am trying to build a javaee application > in > which rest services residing on Glassfish4 will be invoked by mobile > clients. I came across apache shiro framework on the web for authentication > and authorization. I would like to secure the services using shiro. For the > time being I am trying to configure basic authentication with some hard > coded users to gain confidence. My final goal is to move the user store to > a > database. > > Following the apache shiro tutorial I configured my web.xml and shiro.ini. > > 1) But somehow the rest services are still open and I can invoke them > without any password. is shiro.ini not getting loaded properly in my > application ? > > 2) In future I will have multiple rest services from multiple applications, > so I will need to configure shiro for all of them too ? Is there no way to > handle authentication, authorization of multiple webapp using single shiro > config ? > > 3) If you have a similar working sample please point me to that. > > Project location > > URL : https://github.com/debashisgho/MyApp/ > <https://github.com/debashisgho/MyApp/> > > I can get the resource data without using any user/pwd > > http://localhost:8080/MyApp/rest/MyResource > <http://localhost:8080/MyApp/rest/MyResource> > I am sure that I have not configured it properly. Need help to find out > what > is missing. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/rest-glassfish4-shiro-enabled-working-sample-tp7580135.html > Sent from the Shiro User mailing list archive at Nabble.com. >
