Re: How should we go about configuring a Desktop Client with Shiro in the Server?

[scSynergy]

The Shiro environment is only initialized on the server - *not* on the
clients. The clients need not know Shiro even exists, since they only use
regular HTTP requests with either Basic Authentication (desktop client
[REST]) or Form Authentication (Browser [HTTP session]). The server is
initialized once with one ini file to serve requests for both web and
desktop clients.

All Shiro filters (including FormAuthenticationFilter) are located on the
server to serve incoming HTTP requests from the clients. Clients create
regular HTTP requests (without Shiro) and send those to the server where the
filters process the requests according to the configured Shiro environment
(ini file). 

The desktop client needs to create HTTP requests in order to retrieve data
from the server - no Shiro is involved on the client side.

It is easiest to initialize Shiro on the server via web.xml. If for whatever
reason this is not an option you need to write a class including the
following code:

import static javax.servlet.DispatcherType.ASYNC;
import static javax.servlet.DispatcherType.ERROR;
import static javax.servlet.DispatcherType.FORWARD;
import static javax.servlet.DispatcherType.INCLUDE;
import static javax.servlet.DispatcherType.REQUEST;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.apache.shiro.config.Ini;
import org.apache.shiro.web.env.EnvironmentLoaderListener;
import org.apache.shiro.web.env.WebEnvironment;
import org.ops4j.pax.shiro.cdi.web.CdiIniWebEnvironment;
...
@WebListener
public class ShiroInitializer extends EnvironmentLoaderListener {

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        super.contextInitialized(sce);
        initializeShiro(sce);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        super.contextDestroyed(sce);
    }

    @Override
    protected void customizeEnvironment(WebEnvironment environment) {
            String iniFile = loadFromDatabaseOrFilesystem();
            Ini ini = new Ini();
            ini.load(iniFile);
            environment.setIni(ini);
    }

    private void initializeShiro(ServletContextEvent sce) {
        FilterRegistration.Dynamic dynamic =
sce.getServletContext().addFilter("ShiroFilter",
"org.apache.shiro.web.servlet.ShiroFilter");
        dynamic.setAsyncSupported(true);
        EnumSet<DispatcherType> enumSet = EnumSet.of(REQUEST, FORWARD,
INCLUDE, ERROR, ASYNC);
        dynamic.addMappingForUrlPatterns(enumSet, true, "/*");
    }
...
}



--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/How-should-we-go-about-configuring-a-Desktop-Client-with-Shiro-in-the-Server-tp7581322p7581343.html
Sent from the Shiro User mailing list archive at Nabble.com.