I'm not sure i understand this part, the solution you proposed on stackoverflow seems like your best bet, use an 'around' and subject.execute(). This will allow any other shiro call to function, and unbind the thread when complete. Feel free to answer respond back on stack overflow
I tried to intercept Shiro annotations with Before and Around advice with AspectJ, it works and I can do what I wanted (see link to stackoverflow for code). Around advice is the good solution, it set and unset the Subject, what I did not show in my code is that we need to store in the thread context one more info that we are already in an intercepted call so we do not need to get the Subject from the Service otherwise it would remove the subject in nested calls. http://stackoverflow.com/questions/41849439/apache-shiro-annotation-aop-and-rmi On Mon, Jan 30, 2017 at 5:35 AM, yoann159 <[email protected]> wrote: > Hi, > > > > So far I decided to use RMI, JUnit 5, Mockito, Guava, JOOQ, AspectJ, Apache > IO/imaging/Configuration/Net for my project and Apache Shiro (but why not > use Spring Security? See later explication). > > > > My application is a standalone app, for desktop. A server app, a client app > and GUI made with JavaFx. > > > > I tried to intercept Shiro annotations with Before and Around advice with > AspectJ, it works and I can do what I wanted (see link to stackoverflow for > code). Around advice is the good solution, it set and unset the Subject, > what I did not show in my code is that we need to store in the thread > context one more info that we are already in an intercepted call so we do > not need to get the Subject from the Service otherwise it would remove the > subject in nested calls. > > > > I know I am going to need to do caching, transactions, metrics for my app > therefore I started to look for Spring Boot to not code everything -> > @Transactional, @Cacheable, @Count, etc. > > So far I came with different dependencies: Spring boot 2.0.0, Spring > Security, Spring AOP and AspectJ, Spring Cache, Spring Mail, Spring JOOQ/ > Spring H2 (for tests and dev)/ Spring MySQL driver, Spring Actuator (and > above framework except Apache Shiro). > > So maybe if I use Spring security I do not need Apache Shiro but now I need > to see how to configure Spring Security with AspectJ. > > > > If you know what I said above, do you see any incoherence in the different > technologies I decided to use. All of the one (from Spring) I quoted are > standalone compatible (not only for web)? > > > > I suggest we could continue on > http://stackoverflow.com/questions/41849439/apache- > shiro-annotation-aop-and- > rmi as it would reach more people searching on stackoverflow. > > > > Thank you. > > > > From: Brian Demers [via Shiro User] > [mailto:[email protected]] > Sent: 2017年1月26日 22:49 > To: yoann159 > Subject: Re: How to make RMI work with Apache Shiro > > > > I'm not sure I'm fully following anymore, lets take a step back, tell us > about your stack. And we can point you in the right direction. (there are a > few ways to process the Shiro annotations, Spring, Guice, JAX-RS, aop, (and > CDI on a branch). > > > > Take a look at this as well: > https://shiro.apache.org/subject.html#thread-association > > > > On Wed, Jan 25, 2017 at 10:47 PM, yoann159 <[hidden email]> wrote: > > Hi, > > > > I tried the aspect example ( > <https://github.com/apache/shiro/tree/master/samples/ > aspectj/src/main/java/o > rg/apache/shiro/samples/aspectj/bank> > https://github.com/apache/shiro/tree/master/samples/ > aspectj/src/main/java/or > g/apache/shiro/samples/aspectj/bank) > > It works for the tests but I do not see how I can intercept the > RequiresPermissions or RequiresRoles or etc to get the jointpoint called, > get the reference of subject stored in the service instantiated for that > client and simply call set method to set Subject to current executing > thread. > > > > Also <https://github.com/apache/shiro/blob/master/samples/spring-boot/> > https://github.com/apache/shiro/blob/master/samples/spring-boot/ is good > simple example but like I said I do not use Spring context, I do desktop > app > with a server and clients. > > > > > > Unless it is possible to use Spring without a web context? Spring boot is > good but it is more like: @GetMapping() @RequestMapping(…) > > > > I maybe have a solution with: > pointcut allow(): > execution(@org.apache.shiro.authz.annotation.RequiresPermissions * *(..)) > || > execution(@org.apache.shiro.authz.annotation.RequiresRoles * *(..)); > > With that I can have before advice and do: > > > > ((Service) thisJoinPoint.getThis()).getSubject(); > ThreadState threadState = new SubjectThreadState(subject); > threadState.bind(); > > > > Not sure if I need to add a after advice to unbind the threadState but it > seems to work, and anyway any method will override the current subject. > What > would you suggest? > > > > Thank you. > > > > From: Brian Demers [via Shiro User] [mailto:[hidden email]] > Sent: 2017年1月25日 22:32 > To: yoann159 > Subject: Re: How to make RMI work with Apache Shiro > > > > Take a look at: https://shiro.apache.org/spring.html#secure-spring- > remoting > > > > Most of the Spring samples also include a remoting example:Â > https://github.com/apache/shiro/tree/master/samples > > > > There is also an aspectj example > > > > On Tue, Jan 24, 2017 at 11:24 PM, yoann159 <[hidden email]> wrote: > > How to make RMI work with Apache Shiro? > > Each calls on a method with @RequireRoles("..") execute on different thread > shared by multiple clients. > > Is there a way to intercept this AOP, set the current Subject for this > thread (threadLocal), then unset it at the end of the method? > > Thank you for your help > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/How-to-make-RMI- > work-with-Apache-Shir > o-tp7581467.html > Sent from the Shiro User mailing list archive at Nabble.com. > > > > > > _____ > > If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/How-to-make-RMI- > work-with-Apache-Shi > ro-tp7581467p7581468.html > > To unsubscribe from How to make RMI work with Apache Shiro, click here > <http://shiro-user.582556.n2.nabble.com/template/ > NamlServlet.jtp?macro=unsub > scribe_by_code&node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW > 1zLmNvbXw3NTg > xNDY3fDYzMDk5NjIyOQ==> . > > <http://shiro-user.582556.n2.nabble.com/template/ > NamlServlet.jtp?macro=macro > _viewer > <http://shiro-user.582556.n2.nabble.com/template/ > NamlServlet.jtp?macro=macro > _viewer&id=instant_html%21nabble%3Aemail.naml&base= > nabble.naml.namespaces.Ba > sicNamespace-nabble.view.web.template.NabbleNamespace- > nabble.view.web.templa > te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble% > 3Aemail.naml-instan > t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > &id=instant_html%21nabble%3Aemail.naml&base=nabble.naml. > namespaces.BasicName > space-nabble.view.web.template.NabbleNamespace- > nabble.view.web.template.Node > Namespace&breadcrumbs=notify_subscribers%21nabble%3Aemail. > naml-instant_email > s%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML > > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/How-to-make-RMI- > work-with-Apache-Shir > o-tp7581467p7581473.html > > Sent from the Shiro User mailing list archive at Nabble.com. > > > > > > _____ > > If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/How-to-make-RMI- > work-with-Apache-Shi > ro-tp7581467p7581474.html > > To unsubscribe from How to make RMI work with Apache Shiro, click here > <http://shiro-user.582556.n2.nabble.com/template/ > NamlServlet.jtp?macro=unsub > scribe_by_code&node=7581467&code=eW9hbm5Ac2Fhcy5hbGx1cmVzeXN0ZW > 1zLmNvbXw3NTg > xNDY3fDYzMDk5NjIyOQ==> . > > <http://shiro-user.582556.n2.nabble.com/template/ > NamlServlet.jtp?macro=macro > _viewer&id=instant_html%21nabble%3Aemail.naml&base= > nabble.naml.namespaces.Ba > sicNamespace-nabble.view.web.template.NabbleNamespace- > nabble.view.web.templa > te.NodeNamespace&breadcrumbs=notify_subscribers%21nabble% > 3Aemail.naml-instan > t_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > NAML > > > > winmail.dat (15K) <http://shiro-user.582556.n2. > nabble.com/attachment/7581479/0/winmail.dat> > > > > > -- > View this message in context: http://shiro-user.582556.n2. > nabble.com/How-to-make-RMI-work-with-Apache-Shiro-tp7581467p7581479.html > Sent from the Shiro User mailing list archive at Nabble.com. >
