I highly suggest you take a look at https://github.com/flowlogix/flowlogix/tree/master/jakarta-ee/shiro-ee <https://github.com/flowlogix/flowlogix/tree/master/jakarta-ee/shiro-ee> Although it’s a bit in flux at the moment, it integrates Java EE with Shiro and solves all the problems you are trying to solve.
> On Nov 20, 2020, at 4:42 PM, Brian Demers <[email protected]> wrote: > > IIRC you _should_ be able to use the same SecurityManager for web and non-web > requests. > > However, two different SecurityManager's with the same Realm may cause > issues, especially if they are using caches. > We have a Spring RMI example here: > https://github.com/apache/shiro/blob/f782eb1084df73eff3e2ac0f9780cb4a4f429041/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java > > <https://github.com/apache/shiro/blob/f782eb1084df73eff3e2ac0f9780cb4a4f429041/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationExecutor.java> > > (It's been a while since I've done anything with RMI, so someone else might > be able to give you better advice) > > On Fri, Nov 20, 2020 at 3:14 PM Alex Orlov <[email protected] > <mailto:[email protected]>> wrote: > I have an application that can be accessed by http and rmi protocols. > > When an user uses http protocol he passes shiro web filter — everything is > clear here, no problem. > I wanted to use the same SecurityManager and for rmi protocol, but, of > course, it didn’t work: > > 22:21:44.599 [HTTP-Dispatcher] WARN > org.apache.shiro.authc.AbstractAuthenticator - Authentication failed for > token submission [myapp.security.AuthenticationToken@325c75dc]. Possible > unexpected error? (Typical or expected login exceptions should extend from > AuthenticationException). > java.lang.IllegalArgumentException: SessionContext must be an HTTP compatible > implementation. > at > org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103) > ~[shiro-all-1.7.0.jar:?] > at > org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64) > ~[shiro-all-1.7.0.jar:?] > at > org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:152) > ~[shiro-all-1.7.0.jar:?] > at > org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:340) > ~[shiro-all-1.7.0.jar:?] > > As I understand, for rmi server I must create another security manager: > SecurityManager securityManager = new DefaultSecurityManager(myRealm); > > Could anyone say — if it is possible to use the same Realm instance (already > initialized) for the second security manager? > > > -- > Best regards, Alex Orlov
