I am attempting to use Shiro + CXF in an OSGi environment. I have succeeded 
in having Shiro authentication work, by following this example 
https://github.com/pires/fabric8-cxf-shiro omitting the Hazelcast Session 
Clustering. Unfortunately though, I am unable to get sessions to work properly. 
I believe this issue is related to CXF serving HTTP requests from a thread pool 
with each worker thread storing its own sessions. Following the documentation, 
it seems the preferred solution would be to use Session Clustering. One 
implementation would involve adding EHCache + Terracotta. Another solution 
that I have found is https://github.com/lhazlewood/shiro-cassandra-sample . I 
believe the shiro-cassandra example could be adapted to work with an OSGi 
blueprint. Since my project is already using Cassandra, this may be easier to 
maintain. Unfortunately, both of these options add more machinery and 
complexity than I would like. I would prefer an in-memory solution that doesn't 
involve another process. Is session clustering the right way to do this, or is 
there a way to do this without session clustering?

Shiro.ini

[main]
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.contextFactory.systemUsername =
ldapRealm.contextFactory.systemPassword =
ldapRealm.userDnTemplate =
ldapRealm.contextFactory.url =
ldapRealm.contextFactory.authenticationMechanism = simple
builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $builtInCacheManager

blueprint.xml

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:jaxrs="http://cxf.apache.org/blueprint/jaxrs"
           xsi:schemaLocation="
               http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
               http://cxf.apache.org/blueprint/jaxrs http://cxf.apache.org/schemas/blueprint/jaxrs.xsd">

    <jaxrs:server id="restService" address="/">
        <jaxrs:providers>
            <ref component-id="jsonProvider"/>
            <bean class="com.cisco.rest.security.mapper.ShiroExceptionMapper" />
            <bean class="com.cisco.rest.security.filters.SecurityFeatureProvider">
                <property name="authService">
                    <reference interface="com.cisco.rest.security.AuthenticationService" availability="optional" />
                </property>
            </bean>
            <bean class="com.cisco.rest.security.filters.CORSFilter" />
        </jaxrs:providers>
        <jaxrs:inInterceptors>
            <ref component-id="inLoggingInterceptor" />
        </jaxrs:inInterceptors>
        <jaxrs:outInterceptors>
            <ref component-id="outLoggingInterceptor" />
        </jaxrs:outInterceptors>
        <jaxrs:serviceBeans>
            <ref component-id="restServiceBean"/>
            <ref component-id="authManager" />

        </jaxrs:serviceBeans>
        <jaxrs:extensionMappings>
            <entry key="json" value="application/json" />
        </jaxrs:extensionMappings>
    </jaxrs:server>

    <bean id="restServiceBean" class="com.cisco.rest.impl.ExampleRestServiceImpl"/>
    <bean id="jsonProvider" class="org.codehaus.jackson.jaxrs.JacksonJsonProvider"/>
    <bean id="inLoggingInterceptor" class="com.cisco.rest.util.MaskingLoggingInInterceptor"/>
    <bean id="outLoggingInterceptor" class="com.cisco.rest.util.MaskingLoggingOutInterceptor"/>
    <bean id="authManager" class="com.cisco.rest.security.AuthenticationManager">
        <property name="authService">
            <reference interface="com.cisco.rest.security.AuthenticationService" availability="optional" />
        </property>
    </bean>
    <bean id="auth" class="com.cisco.rest.security.AuthenticationServiceImpl"/>
    <service ref="auth" interface="com.cisco.rest.security.AuthenticationService"/>

</blueprint>
