If you have a bit more of a project demonstrating the issue I can take a
look. Our core product runs jetty embedded, with jersey and Shiro. I can't
imagine that cxf would be so different that it wouldn't work.
On Aug 29, 2015 7:34 PM, "aidaverdi800" <[email protected]> wrote:
> I'm back again, I really cannot figure out how to make work shiro in my
> environment.
> It seems that there isn't a way to add shiro filter in cxf with jetty
> embedded and no web.xml. I was thinking of doing a new cxf interceptor
> calling shiro classes but then I will lose the simplicity of shiro
> configuration.
>
> I tried also to add this code to convert cxf server to jetty server and
> add the filter as suggested, but if I don't add the shiro filter everything
> works and I can call my url. If I add the context handler the new servlet
> doesn't point to the rest resources, so the result of accessing the urls
> with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
> understanding what is going on is tricky.
>
> // old code
> JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
> JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
> ObjectMapper m = new ObjectMapper();
> m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);
>
> jackson.setMapper(m);
> CrossOriginResourceSharingFilter cors = new
> CrossOriginResourceSharingFilter();
> sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
> sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new
> Curricula(env)));
> System.out.println("webservice published on "+address);
> sf.setAddress(address);
>
> ì
> Server cxfServer = sf.create();
>
> // new code
> Destination dest = cxfServer.getDestination();
> JettyHTTPDestination jettyDestination =
> JettyHTTPDestination.class.cast(dest);
> ServerEngine engine = jettyDestination.getEngine();
> JettyHTTPServerEngine serverEngine =
> JettyHTTPServerEngine.class.cast(engine);
> org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();
>
>
> // Had to start the server to get the Jetty Server instance.
> // Have to stop it to add the custom Jetty handler.
> httpServer.stop();
> httpServer.join();
>
>
> CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
> final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
> ServletContextHandler context=new
> ServletContextHandler(ServletContextHandler.SECURITY);
> context.addServlet(servletHolder, "/*"); context.setContextPath("/");
> context.setInitParameter("shiroConfigLocations","classpath:shiro.ini");
> context.addEventListener(new EnvironmentLoaderListener());
> FilterHolder filterHolder = new FilterHolder();
> filterHolder.setFilter(new ShiroFilter());
> EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
> context.addFilter(filterHolder, "/*", types);
>
> httpServer.setHandler(context);
>
> httpServer.start();
> httpServer.join();
>
> Could anyone that has ecountered similar problem give me a suggestion for
> the best direction to analyse? I would like to use shiro better than cxf
> security but it seems really complicated in my case. Is the cxf interceptor
> the way to go?
>
> Lisa
>
> On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <[email protected]>
> wrote:
>
>> Just on a side-note,
>> /users/** = authcBasic
>> leaves your user-password as plain-text and therefor totally vulnerable to
>> eavesdropping.
>> In production environments I suggest you change that line to
>> /users/** = ssl[insert your port number here], authcBasic
>> for instance my server
>> /users/** = ssl[8443], authcBasic
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Shiro-filter-with-Jaxrs-server-tp7580613p7580621.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
