Have you looked at the Shiro web tutorial? The examples there should work just fine.
> On May 12, 2022, at 8:28 PM, Josef Gosch <josef.go...@gmail.com> wrote: > > My authentication realm is set up correctly, I can authenticate through an > endpoint inside the RequestHandler. I can save the session cookie manually, > but I can't find a way for the SecurityManager or WebSessionManager to > intercept it. > > Josef Gosch <josef.go...@gmail.com <mailto:josef.go...@gmail.com>> schrieb am > Fr., 13. Mai 2022, 03:01: > Hello. > > I have some troubles implementing Shiro in a distributed environment. > Clients/Server are communicating through a HTTP based Protocol provided by > Jetty on the server side. The client side is set up to store and reply > cookies. > > I played around with different approaches but nothing seems to fit. I tried > creating a ServletContextHandler and adding the Filters there, but I have no > clue how to combine it with my RequestHandler. I also don't find much help > online on this subject. Maybe someone here could give me a hint? > > It's basically made up of 2 Classes: > > public final class WebServer extends AbstractIdleService { > > // ~ Static fields > --------------------------------------------------------------------------------------------- > > private static final Logger L = LoggerFactory.getLogger(WebServer.class); > > // ~ Instance fields > ------------------------------------------------------------------------------------------- > > private final int port; > private final Server server; > private final TractDB tractDB; > private final Gson gson; > > // ~ Constructors > ---------------------------------------------------------------------------------------------- > > public WebServer(final TractDB tractDB, final int port, final Gson gson) { > this.tractDB = tractDB; > this.port = port; > this.gson = gson; > this.server = new Server(); > } > > // ~ Methods > --------------------------------------------------------------------------------------------------- > > @Override > protected void startUp() throws Exception { > > SslContextFactory sslContextFactory = new SslContextFactory(); > sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore")); > sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD); > sslContextFactory.setProtocol("TLSv1.2"); > > SslConnectionFactory ssl = new > SslConnectionFactory(sslContextFactory, "http/1.1"); > HttpConnectionFactory http = new HttpConnectionFactory(new > HttpConfiguration()); > > > /* connectors */ > ServerConnector sslConnector = new ServerConnector(this.server, ssl, > http); > sslConnector.setPort(this.port); > this.server.addConnector(sslConnector); > > /* handlers */ > > GzipHandler gzip = new GzipHandler(); > RequestHandler requestHandler = new RequestHandler(this.gson, > this.tractDB); > > gzip.setIncludedMimeTypes("text/html", "text/plain", > "application/json"); > > gzip.setHandler(requestHandler); > > this.server.setHandler(gzip); > > this.server.start(); > } > > @Override > protected void shutDown() throws Exception { > L.info("shutting down web-server"); > this.server.stop(); > } > } > --------------------------------------------------------------------------------------------- > --------------------------------------------------------------------------------------------- > public final class RequestHandler extends AbstractHandler { > > // ~ Static fields > --------------------------------------------------------------------------------------------- > > private static final Logger L = > LoggerFactory.getLogger(RequestHandler.class); > > // ~ Instance fields > ------------------------------------------------------------------------------------------- > > // ... > > // ~ Constructors > ---------------------------------------------------------------------------------------------- > > public RequestHandler(final Gson gson, final TractDB tractDB) { > // ... > } > > // ~ Methods > --------------------------------------------------------------------------------------------------- > > @Override > public void handle(final String target, final Request baseRequest, final > HttpServletRequest request, final HttpServletResponse response) throws > IOException, ServletException { > L.debug("{} '{}'", request.getMethod(), target); > > try { > > /* default result: not found */ > HandlerResult handlerResult = JsonResult.notFound(this.gson); > > /* ... Handlers will be dispatched here ... */ > > handlerResult.writeTo(response); > > } catch (RuntimeException e) { > L.error(e.getMessage(), e); > response.reset(); > > JsonResult.internalServerError(this.gson) > .writeTo(response); > } > > baseRequest.setHandled(true); > } > }
