I'm sorry, I was just very confused overall, and my explanations weren't all that good in the end.
Essentially, what I read in the docs and what I was using on the Client originally, is that you have the ini file setup in some folder and then call it in Java code by creating a factory and then creating other objects such as Subject, or use the SecurityUtils(I think that's what it's called) class to do useful things. I was confused if I use that on the server, or not, because I was having trouble locating the file path of the ini file, and getting it work when direct pathing to the ini file; however last night somehow the direct path worked and I have been able to log in and send data back for now. The loginURL is specified to a certain link, do I just send my request it there? I figured we could only send requests to Servlets, but we could access any page then, and send the request there? I do want specific actions to be done than from the norm, so I'm not sure if I would create a special class (only the desktop client needs this info, not the web app). Currently, as I said, I call the Factory and just do the code on the server, but maybe that isn't correct? Everything seems to work as intended though. Get user/pass, create factory and such, then create a token, pass token to user.login(), if it works then I get a 200 OK if not then I get a 500 Internal Server error and a message saying that the credentials are incorrect in my Tomcat logs created by Shiro. If I'm authenticated then Shiro automatically creates the Session Cookie for the user. The only thing I've looked at changing was the SecurityManager when coding it myself on the server. It doesn't seem to be needed to be called since it's already set up. I also noticed that I had some weird loading issues if I didn't specify that authc = FormAuthenticationFilter, which I believe is supposed to automatically be set, but maybe I am wrong on that... I have never had that issue before, and have been logging into the application fine from the browser.... weird.... >From what you're saying we can just use the SecurityUtils class and manipulate >things from there? I was thinking about that earlier, but wasn't sure we >didn't need more... So I don't need to create a Factory for the inifile then I >wonder....??? BUt we still need a Servlet or special code to handle this, >which would be different from the code in the ini file then? By the way, I was curious if it's also difficult to set up SSL with Shiro? I've seen some code on the "SSL Filter," but is that all we need for SSL? Thanks for the help, much appreciated. ________________________________ From: scSynergy <[email protected]> Sent: Thursday, October 27, 2016 7:07:02 AM To: [email protected] Subject: Re: How should we go about configuring a Desktop Client with Shiro in the Server? I think I do not understand your questions - if Shiro has been already initialized on the server for the web application, then, why do it a second time? What do you mean with 'work with / access the ini file"? What do you mean by "access the FormAuthenticationFilter"? You do not need to access it, but instead specify it in the [url] section of the ini file. Then any user that sends a valid HTTP POST with valid HTML structure, username and password will automatically be authenticated by Shiro and you can check this by calling 'SecurityUtils.getSubject().isAuthenticated()' in your server side Java code. -- View this message in context: http://shiro-user.582556.n2.nabble.com/How-should-we-go-about-configuring-a-Desktop-Client-with-Shiro-in-the-Server-tp7581322p7581345.html Sent from the Shiro User mailing list archive at Nabble.com.
