Everything looks set up correctly now, I have an IniWebEnvironment in my
servletContext inside the request handler... but now I get the following
exception:
No SecurityManager accessible to the calling code, either bound to the
org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an
invalid application configuration.
This is a bit awkward, as I can indeed fetch the WebEnvironment through
WebUtils.getRequiredWebEnvironment(request.getServletContext()), and it
contains an instance of DefaultWebSecurityManager.
I could set it manually with SecurityUtils.setSecurityManager, but as far
as I know by now this would load the SecurityManager in VM context, which
is probably not what I want.
I don't really understand what is happening here.
thank you.
Am Fr., 13. Mai 2022 um 12:21 Uhr schrieb Josef Gosch <josef.go...@gmail.com
>:
> Hi.
> Thanks for the hints.
> I think my first approach wasn't too wrong, but it's still something
> missing there... I set up a ServletContextHandler and configured it
> according to the web.xml file in the example, and I let my RequestHandler
> extend HandlerWrapper instead of AbstractHandler (don't really know if
> tthat's the right approach...):
>
> /* handlers */
> ServletContextHandler context = new ServletContextHandler();
> context.setInitParameter("shiroConfigLocations", "classpath:shiro.ini");
> context.addEventListener(new EnvironmentLoaderListener());
> context.addFilter(ShiroFilter.class, "/*", EnumSet.of(REQUEST, FORWARD,
> INCLUDE, ERROR, ASYNC));
>
> GzipHandler gzip = new GzipHandler();
> gzip.setIncludedMimeTypes("text/html", "text/plain", "application/json");
>
> RequestHandler requestHandler = new RequestHandler(this.gson, this.tractDB);
>
> context.insertHandler(requestHandler);
> context.setGzipHandler(gzip);
>
> this.server.setHandler(context);
>
> But it seems to work now ---- What i found was that I initialized the
> shiro.ini file in the main method. I somehow missed that, banging my head
> at the table right now :).
>
> thank you.
>
> Am Fr., 13. Mai 2022 um 07:53 Uhr schrieb Benjamin Marwell <
> bmarw...@apache.org>:
>
>> Hi!
>>
>> I think you need to init an environment and make it available
>> throughout all of the requests.
>> Look at this section:
>> https://shiro.apache.org/web.html#shiro_1_2_and_later
>> Especially the part "what it does": "(... including the
>> SecurityManager) and makes it accessible in the ServletContext.
>>
>> You can take a look at the class
>> "org.apache.shiro.web.env.EnvironmentLoaderListener" to see what it
>> looks like.
>>
>> Once set up, you should be able to access your WebSecurityManager in
>> any way you described.
>>
>> Am Fr., 13. Mai 2022 um 06:20 Uhr schrieb Lenny Primak <
>> lpri...@hope.nyc.ny.us>:
>> >
>> > Have you looked at the Shiro web tutorial?
>> > The examples there should work just fine.
>> >
>> >
>> > On May 12, 2022, at 8:28 PM, Josef Gosch <josef.go...@gmail.com> wrote:
>> >
>> > My authentication realm is set up correctly, I can authenticate through
>> an endpoint inside the RequestHandler. I can save the session cookie
>> manually, but I can't find a way for the SecurityManager or
>> WebSessionManager to intercept it.
>> >
>> > Josef Gosch <josef.go...@gmail.com> schrieb am Fr., 13. Mai 2022,
>> 03:01:
>> >>
>> >> Hello.
>> >>
>> >> I have some troubles implementing Shiro in a distributed environment.
>> >> Clients/Server are communicating through a HTTP based Protocol
>> provided by Jetty on the server side. The client side is set up to store
>> and reply cookies.
>> >>
>> >> I played around with different approaches but nothing seems to fit. I
>> tried creating a ServletContextHandler and adding the Filters there, but I
>> have no clue how to combine it with my RequestHandler. I also don't find
>> much help online on this subject. Maybe someone here could give me a hint?
>> >>
>> >> It's basically made up of 2 Classes:
>> >>
>> >> public final class WebServer extends AbstractIdleService {
>> >>
>> >> // ~ Static fields
>> ---------------------------------------------------------------------------------------------
>> >>
>> >> private static final Logger L =
>> LoggerFactory.getLogger(WebServer.class);
>> >>
>> >> // ~ Instance fields
>> -------------------------------------------------------------------------------------------
>> >>
>> >> private final int port;
>> >> private final Server server;
>> >> private final TractDB tractDB;
>> >> private final Gson gson;
>> >>
>> >> // ~ Constructors
>> ----------------------------------------------------------------------------------------------
>> >>
>> >> public WebServer(final TractDB tractDB, final int port, final Gson
>> gson) {
>> >> this.tractDB = tractDB;
>> >> this.port = port;
>> >> this.gson = gson;
>> >> this.server = new Server();
>> >> }
>> >>
>> >> // ~ Methods
>> ---------------------------------------------------------------------------------------------------
>> >>
>> >> @Override
>> >> protected void startUp() throws Exception {
>> >>
>> >> SslContextFactory sslContextFactory = new SslContextFactory();
>> >>
>> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore"));
>> >>
>> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD);
>> >> sslContextFactory.setProtocol("TLSv1.2");
>> >>
>> >> SslConnectionFactory ssl = new
>> SslConnectionFactory(sslContextFactory, "http/1.1");
>> >> HttpConnectionFactory http = new HttpConnectionFactory(new
>> HttpConfiguration());
>> >>
>> >>
>> >> /* connectors */
>> >> ServerConnector sslConnector = new
>> ServerConnector(this.server, ssl, http);
>> >> sslConnector.setPort(this.port);
>> >> this.server.addConnector(sslConnector);
>> >>
>> >> /* handlers */
>> >>
>> >> GzipHandler gzip = new GzipHandler();
>> >> RequestHandler requestHandler = new RequestHandler(this.gson,
>> this.tractDB);
>> >>
>> >> gzip.setIncludedMimeTypes("text/html", "text/plain",
>> "application/json");
>> >>
>> >> gzip.setHandler(requestHandler);
>> >>
>> >> this.server.setHandler(gzip);
>> >>
>> >> this.server.start();
>> >> }
>> >>
>> >> @Override
>> >> protected void shutDown() throws Exception {
>> >> L.info("shutting down web-server");
>> >> this.server.stop();
>> >> }
>> >> }
>> >>
>> >>
>> ---------------------------------------------------------------------------------------------
>> >>
>> >>
>> ---------------------------------------------------------------------------------------------
>> >>
>> >> public final class RequestHandler extends AbstractHandler {
>> >>
>> >> // ~ Static fields
>> ---------------------------------------------------------------------------------------------
>> >>
>> >> private static final Logger L =
>> LoggerFactory.getLogger(RequestHandler.class);
>> >>
>> >> // ~ Instance fields
>> -------------------------------------------------------------------------------------------
>> >>
>> >> // ...
>> >>
>> >> // ~ Constructors
>> ----------------------------------------------------------------------------------------------
>> >>
>> >> public RequestHandler(final Gson gson, final TractDB tractDB) {
>> >> // ...
>> >> }
>> >>
>> >> // ~ Methods
>> ---------------------------------------------------------------------------------------------------
>> >>
>> >> @Override
>> >> public void handle(final String target, final Request baseRequest,
>> final HttpServletRequest request, final HttpServletResponse response)
>> throws IOException, ServletException {
>> >> L.debug("{} '{}'", request.getMethod(), target);
>> >>
>> >> try {
>> >>
>> >> /* default result: not found */
>> >> HandlerResult handlerResult =
>> JsonResult.notFound(this.gson);
>> >>
>> >> /* ... Handlers will be dispatched here ... */
>> >>
>> >> handlerResult.writeTo(response);
>> >>
>> >> } catch (RuntimeException e) {
>> >> L.error(e.getMessage(), e);
>> >> response.reset();
>> >>
>> >> JsonResult.internalServerError(this.gson)
>> >> .writeTo(response);
>> >> }
>> >>
>> >> baseRequest.setHandled(true);
>> >> }
>> >> }
>> >
>> >
>>
>
