My authentication realm is set up correctly, I can authenticate through an
endpoint inside the RequestHandler. I can save the session cookie manually,
but I can't find a way for the SecurityManager or WebSessionManager to
intercept it.
Josef Gosch <josef.go...@gmail.com> schrieb am Fr., 13. Mai 2022, 03:01:
> Hello.
>
> I have some troubles implementing Shiro in a distributed environment.
> Clients/Server are communicating through a HTTP based Protocol provided by
> Jetty on the server side. The client side is set up to store and reply
> cookies.
>
> I played around with different approaches but nothing seems to fit. I
> tried creating a ServletContextHandler and adding the Filters there, but I
> have no clue how to combine it with my RequestHandler. I also don't find
> much help online on this subject. Maybe someone here could give me a hint?
>
> It's basically made up of 2 Classes:
>
> public final class WebServer extends AbstractIdleService {
>
> // ~ Static fields
> ---------------------------------------------------------------------------------------------
>
> private static final Logger L = LoggerFactory.getLogger(WebServer.class);
>
> // ~ Instance fields
> -------------------------------------------------------------------------------------------
>
> private final int port;
> private final Server server;
> private final TractDB tractDB;
> private final Gson gson;
>
> // ~ Constructors
> ----------------------------------------------------------------------------------------------
>
> public WebServer(final TractDB tractDB, final int port, final Gson gson) {
> this.tractDB = tractDB;
> this.port = port;
> this.gson = gson;
> this.server = new Server();
> }
>
> // ~ Methods
> ---------------------------------------------------------------------------------------------------
>
> @Override
> protected void startUp() throws Exception {
>
> SslContextFactory sslContextFactory = new SslContextFactory();
> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore"));
> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD);
> sslContextFactory.setProtocol("TLSv1.2");
>
> SslConnectionFactory ssl = new
> SslConnectionFactory(sslContextFactory, "http/1.1");
> HttpConnectionFactory http = new HttpConnectionFactory(new
> HttpConfiguration());
>
>
> /* connectors */
> ServerConnector sslConnector = new ServerConnector(this.server, ssl,
> http);
> sslConnector.setPort(this.port);
> this.server.addConnector(sslConnector);
>
> /* handlers */
>
> GzipHandler gzip = new GzipHandler();
> RequestHandler requestHandler = new RequestHandler(this.gson,
> this.tractDB);
>
> gzip.setIncludedMimeTypes("text/html", "text/plain",
> "application/json");
>
> gzip.setHandler(requestHandler);
>
> this.server.setHandler(gzip);
>
> this.server.start();
> }
>
> @Override
> protected void shutDown() throws Exception {
> L.info("shutting down web-server");
> this.server.stop();
> }
> }
>
> ---------------------------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------------------------
>
> public final class RequestHandler extends AbstractHandler {
>
> // ~ Static fields
> ---------------------------------------------------------------------------------------------
>
> private static final Logger L =
> LoggerFactory.getLogger(RequestHandler.class);
>
> // ~ Instance fields
> -------------------------------------------------------------------------------------------
>
> // ...
>
> // ~ Constructors
> ----------------------------------------------------------------------------------------------
>
> public RequestHandler(final Gson gson, final TractDB tractDB) {
> // ...
> }
>
> // ~ Methods
> ---------------------------------------------------------------------------------------------------
>
> @Override
> public void handle(final String target, final Request baseRequest, final
> HttpServletRequest request, final HttpServletResponse response) throws
> IOException, ServletException {
> L.debug("{} '{}'", request.getMethod(), target);
>
> try {
>
> /* default result: not found */
> HandlerResult handlerResult = JsonResult.notFound(this.gson);
>
> /* ... Handlers will be dispatched here ... */
>
> handlerResult.writeTo(response);
>
> } catch (RuntimeException e) {
> L.error(e.getMessage(), e);
> response.reset();
>
> JsonResult.internalServerError(this.gson)
> .writeTo(response);
> }
>
> baseRequest.setHandled(true);
> }
> }
>
>
