Great!
Would you like to share your findings? We could use it on our website
or on yours (if you have any) and link to it.
WDYT?
Am Di., 17. Mai 2022 um 19:52 Uhr schrieb Josef Gosch <josef.go...@gmail.com>:
>
> I've found out that ShiroFilter didn't get triggered on requests. I changed
> my request handler to extend javax.servlet.http.HttpServlet, now it's working!
>
> Josef Gosch <josef.go...@gmail.com> schrieb am Fr., 13. Mai 2022, 23:49:
>>
>> Everything looks set up correctly now, I have an IniWebEnvironment in my
>> servletContext inside the request handler... but now I get the following
>> exception:
>> No SecurityManager accessible to the calling code, either bound to the
>> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is an
>> invalid application configuration.
>>
>> This is a bit awkward, as I can indeed fetch the WebEnvironment through
>> WebUtils.getRequiredWebEnvironment(request.getServletContext()), and it
>> contains an instance of DefaultWebSecurityManager.
>>
>> I could set it manually with SecurityUtils.setSecurityManager, but as far as
>> I know by now this would load the SecurityManager in VM context, which is
>> probably not what I want.
>>
>> I don't really understand what is happening here.
>>
>> thank you.
>>
>> Am Fr., 13. Mai 2022 um 12:21 Uhr schrieb Josef Gosch
>> <josef.go...@gmail.com>:
>>>
>>> Hi.
>>> Thanks for the hints.
>>> I think my first approach wasn't too wrong, but it's still something
>>> missing there... I set up a ServletContextHandler and configured it
>>> according to the web.xml file in the example, and I let my RequestHandler
>>> extend HandlerWrapper instead of AbstractHandler (don't really know if
>>> tthat's the right approach...):
>>>
>>> /* handlers */
>>> ServletContextHandler context = new ServletContextHandler();
>>> context.setInitParameter("shiroConfigLocations", "classpath:shiro.ini");
>>> context.addEventListener(new EnvironmentLoaderListener());
>>> context.addFilter(ShiroFilter.class, "/*", EnumSet.of(REQUEST, FORWARD,
>>> INCLUDE, ERROR, ASYNC));
>>>
>>> GzipHandler gzip = new GzipHandler();
>>> gzip.setIncludedMimeTypes("text/html", "text/plain", "application/json");
>>>
>>> RequestHandler requestHandler = new RequestHandler(this.gson, this.tractDB);
>>>
>>> context.insertHandler(requestHandler);
>>> context.setGzipHandler(gzip);
>>>
>>> this.server.setHandler(context);
>>>
>>> But it seems to work now ---- What i found was that I initialized the
>>> shiro.ini file in the main method. I somehow missed that, banging my head
>>> at the table right now :).
>>>
>>> thank you.
>>>
>>> Am Fr., 13. Mai 2022 um 07:53 Uhr schrieb Benjamin Marwell
>>> <bmarw...@apache.org>:
>>>>
>>>> Hi!
>>>>
>>>> I think you need to init an environment and make it available
>>>> throughout all of the requests.
>>>> Look at this section:
>>>> https://shiro.apache.org/web.html#shiro_1_2_and_later
>>>> Especially the part "what it does": "(... including the
>>>> SecurityManager) and makes it accessible in the ServletContext.
>>>>
>>>> You can take a look at the class
>>>> "org.apache.shiro.web.env.EnvironmentLoaderListener" to see what it
>>>> looks like.
>>>>
>>>> Once set up, you should be able to access your WebSecurityManager in
>>>> any way you described.
>>>>
>>>> Am Fr., 13. Mai 2022 um 06:20 Uhr schrieb Lenny Primak
>>>> <lpri...@hope.nyc.ny.us>:
>>>> >
>>>> > Have you looked at the Shiro web tutorial?
>>>> > The examples there should work just fine.
>>>> >
>>>> >
>>>> > On May 12, 2022, at 8:28 PM, Josef Gosch <josef.go...@gmail.com> wrote:
>>>> >
>>>> > My authentication realm is set up correctly, I can authenticate through
>>>> > an endpoint inside the RequestHandler. I can save the session cookie
>>>> > manually, but I can't find a way for the SecurityManager or
>>>> > WebSessionManager to intercept it.
>>>> >
>>>> > Josef Gosch <josef.go...@gmail.com> schrieb am Fr., 13. Mai 2022, 03:01:
>>>> >>
>>>> >> Hello.
>>>> >>
>>>> >> I have some troubles implementing Shiro in a distributed environment.
>>>> >> Clients/Server are communicating through a HTTP based Protocol provided
>>>> >> by Jetty on the server side. The client side is set up to store and
>>>> >> reply cookies.
>>>> >>
>>>> >> I played around with different approaches but nothing seems to fit. I
>>>> >> tried creating a ServletContextHandler and adding the Filters there,
>>>> >> but I have no clue how to combine it with my RequestHandler. I also
>>>> >> don't find much help online on this subject. Maybe someone here could
>>>> >> give me a hint?
>>>> >>
>>>> >> It's basically made up of 2 Classes:
>>>> >>
>>>> >> public final class WebServer extends AbstractIdleService {
>>>> >>
>>>> >> // ~ Static fields
>>>> >> ---------------------------------------------------------------------------------------------
>>>> >>
>>>> >> private static final Logger L =
>>>> >> LoggerFactory.getLogger(WebServer.class);
>>>> >>
>>>> >> // ~ Instance fields
>>>> >> -------------------------------------------------------------------------------------------
>>>> >>
>>>> >> private final int port;
>>>> >> private final Server server;
>>>> >> private final TractDB tractDB;
>>>> >> private final Gson gson;
>>>> >>
>>>> >> // ~ Constructors
>>>> >> ----------------------------------------------------------------------------------------------
>>>> >>
>>>> >> public WebServer(final TractDB tractDB, final int port, final Gson
>>>> >> gson) {
>>>> >> this.tractDB = tractDB;
>>>> >> this.port = port;
>>>> >> this.gson = gson;
>>>> >> this.server = new Server();
>>>> >> }
>>>> >>
>>>> >> // ~ Methods
>>>> >> ---------------------------------------------------------------------------------------------------
>>>> >>
>>>> >> @Override
>>>> >> protected void startUp() throws Exception {
>>>> >>
>>>> >> SslContextFactory sslContextFactory = new SslContextFactory();
>>>> >>
>>>> >> sslContextFactory.setKeyStore(SSLKeyStore.create("server.keystore"));
>>>> >>
>>>> >> sslContextFactory.setKeyStorePassword(SSLKeyStore.KEYSTORE_PASSWORD);
>>>> >> sslContextFactory.setProtocol("TLSv1.2");
>>>> >>
>>>> >> SslConnectionFactory ssl = new
>>>> >> SslConnectionFactory(sslContextFactory, "http/1.1");
>>>> >> HttpConnectionFactory http = new HttpConnectionFactory(new
>>>> >> HttpConfiguration());
>>>> >>
>>>> >>
>>>> >> /* connectors */
>>>> >> ServerConnector sslConnector = new ServerConnector(this.server,
>>>> >> ssl, http);
>>>> >> sslConnector.setPort(this.port);
>>>> >> this.server.addConnector(sslConnector);
>>>> >>
>>>> >> /* handlers */
>>>> >>
>>>> >> GzipHandler gzip = new GzipHandler();
>>>> >> RequestHandler requestHandler = new RequestHandler(this.gson,
>>>> >> this.tractDB);
>>>> >>
>>>> >> gzip.setIncludedMimeTypes("text/html", "text/plain",
>>>> >> "application/json");
>>>> >>
>>>> >> gzip.setHandler(requestHandler);
>>>> >>
>>>> >> this.server.setHandler(gzip);
>>>> >>
>>>> >> this.server.start();
>>>> >> }
>>>> >>
>>>> >> @Override
>>>> >> protected void shutDown() throws Exception {
>>>> >> L.info("shutting down web-server");
>>>> >> this.server.stop();
>>>> >> }
>>>> >> }
>>>> >>
>>>> >> ---------------------------------------------------------------------------------------------
>>>> >>
>>>> >> ---------------------------------------------------------------------------------------------
>>>> >>
>>>> >> public final class RequestHandler extends AbstractHandler {
>>>> >>
>>>> >> // ~ Static fields
>>>> >> ---------------------------------------------------------------------------------------------
>>>> >>
>>>> >> private static final Logger L =
>>>> >> LoggerFactory.getLogger(RequestHandler.class);
>>>> >>
>>>> >> // ~ Instance fields
>>>> >> -------------------------------------------------------------------------------------------
>>>> >>
>>>> >> // ...
>>>> >>
>>>> >> // ~ Constructors
>>>> >> ----------------------------------------------------------------------------------------------
>>>> >>
>>>> >> public RequestHandler(final Gson gson, final TractDB tractDB) {
>>>> >> // ...
>>>> >> }
>>>> >>
>>>> >> // ~ Methods
>>>> >> ---------------------------------------------------------------------------------------------------
>>>> >>
>>>> >> @Override
>>>> >> public void handle(final String target, final Request baseRequest,
>>>> >> final HttpServletRequest request, final HttpServletResponse response)
>>>> >> throws IOException, ServletException {
>>>> >> L.debug("{} '{}'", request.getMethod(), target);
>>>> >>
>>>> >> try {
>>>> >>
>>>> >> /* default result: not found */
>>>> >> HandlerResult handlerResult =
>>>> >> JsonResult.notFound(this.gson);
>>>> >>
>>>> >> /* ... Handlers will be dispatched here ... */
>>>> >>
>>>> >> handlerResult.writeTo(response);
>>>> >>
>>>> >> } catch (RuntimeException e) {
>>>> >> L.error(e.getMessage(), e);
>>>> >> response.reset();
>>>> >>
>>>> >> JsonResult.internalServerError(this.gson)
>>>> >> .writeTo(response);
>>>> >> }
>>>> >>
>>>> >> baseRequest.setHandled(true);
>>>> >> }
>>>> >> }
>>>> >
>>>> >
