silb / shiro-jersey
Support for securing Jersey JAX-RS applications with Apache Shiro.
License: Apache License 2.0
Do you think you could release this to Maven central or some other Maven repository?
Jakarta EE 9 is out already along with stable versions of the two most popular containers - Tomcat 10 and Jetty 11. shiro-jersey internally still uses javax (e.g. import javax.ws.rs.core.Response in ShiroExceptionMapper) so it is incompatible with an application that runs on these two containers. It would be nice to release a new version that is compatible with them. Unfortunately a single version cannot be made compatible with both the "old" javax and the "new" jakarta namespaces so perhaps a new major version should be released.
The migration is simple enough - just depend on the new artifact versions and rename the imports from javax.* to jakarta.*.
cc @silb
Love this library - we were wondering if you have plans to upgrade it for Jersey 2 in DropWizard 0.8.0.
Hi,
Thanks for your contributions about shiro and jersey.
org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [oilareacode:update]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.secnod.shiro.jersey.AuthorizationFilter.filter(AuthorizationFilter.java:60)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:297)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:288)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1110)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:401)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:386)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:222)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:722)
Move from silb/dropwizard-shiro#13.
When you send a POST request to a URL different than the one you're on, the browser first sends an OPTIONS request, without login cookies or anything. Shiro deflects this as an unauthorized request. I read that the correct handling is to pass OPTIONS requests without checking authorization. How can I do that, using this library?
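One way to handle the preflight described above, as an added example that is not part of shiro-jersey or of the original post: a Shiro filter placed ahead of `authc` that answers CORS preflights itself for allow-listed origins and lets every other request continue to authentication. The class name `CorsPreflightFilter`, the package `com.example`, the origin `https://app.example.com` and the allowed method and header lists are assumptions; the `javax` namespace matches the library version discussed on this page.

```java
import java.util.Collections;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.util.WebUtils;

/*
 * Hypothetical filter, wired in shiro.ini ahead of the authenticating filters:
 *   [main]
 *   preflight = com.example.CorsPreflightFilter
 *   [urls]
 *   /services/** = preflight, authc
 */
public class CorsPreflightFilter extends PathMatchingFilter {

    // Constructed allow-list: replace with the origins of your own front ends.
    private static final Set<String> ALLOWED_ORIGINS =
            Collections.singleton("https://app.example.com");

    @Override
    protected boolean onPreHandle(ServletRequest request, ServletResponse response,
                                  Object mappedValue) {
        HttpServletRequest req = WebUtils.toHttp(request);
        HttpServletResponse res = WebUtils.toHttp(response);
        String origin = req.getHeader("Origin");

        // A preflight is OPTIONS plus Origin plus Access-Control-Request-Method.
        // Any other OPTIONS request is treated like a normal request.
        boolean preflight = "OPTIONS".equals(req.getMethod())
                && origin != null
                && req.getHeader("Access-Control-Request-Method") != null;
        if (!preflight) {
            return true; // continue the chain: authc and the rest still apply
        }

        if (ALLOWED_ORIGINS.contains(origin)) {
            // Echo the exact origin; "*" is not valid with credentials.
            res.setHeader("Access-Control-Allow-Origin", origin);
            res.setHeader("Vary", "Origin");
            res.setHeader("Access-Control-Allow-Credentials", "true");
            res.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            res.setHeader("Access-Control-Allow-Headers", "Content-Type");
            res.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else {
            res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
        return false; // preflight answered here; it never reaches a resource
    }
}
```

The actual POST that follows the preflight still passes through `authc` with its cookies, and its response needs its own `Access-Control-Allow-Origin` header, which this filter does not add.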
The IniShiroFilter referred to in the setup instructions has been deprecated
Hi,
My app is a RESTful web service integrated with Jersey and running on Tomcat.
I tried to use shiro-jersey to enable authentication and authorization.
However, after configuring [urls] in shiro.ini, it seemed it didn't take effect.
I guess I missed something, so I am asking here for help.
I found the following example,
    public class ApiApplication extends ResourceConfig {
        public ApiApplication() {
            register(new AuthorizationFilterFeature());
            register(new SubjectFactory());
            register(new AuthInjectionBinder());
        }
    }
Where should I do a similar thing in my web app?
I tried to add the following code to the entry point for the web application,
    @Path("/")
    @RequiresAuthentication
    public class InfoCenter extends ResourceConfig {
        public InfoCenter() {
            initDataSource();
            register(new AuthorizationFilterFeature());
            register(new SubjectFactory());
            register(new AuthInjectionBinder());
            register(new ShiroExceptionMapper());
        }
        // request-handling methods follow (not shown in the post)
    }
This class has some methods to handle HTTP requests, and the annotations below are added to them,
    @RequiresAuthentication
    @RequiresPermissions("list:view")
And the shiro.ini is as below,
/services/info/list/student/* = authc, roles[admin]
/services/info/add/** = authc, roles[admin]
/services/info/update/** = authc, roles[admin]
/services/info/delete/** = authc, roles[admin]
However, it didn't work.
Could you help to have a look?
Thanks.
Hi silb,
I found that after upgrading Jersey from 2.25.1 to 2.26-b06, the interface ValueFactoryProvider is removed from the Jersey jar. This causes an issue with this lib.
Thanks
The group is org.secnod.shiro, is it supposed to be second?
Great plugin, I wrote my own filters and am replacing them with yours.
Hi,
I have found your library quite helpful. I want to use it in my app. My requirement is a bit different though. I want to secure my REST services, which will be used by both a JavaScript client and a mobile application client. So I want a common authentication point for them. I couldn't find how we would log in using this library. Can you please help me with how I can achieve it? My software stack trace is Embedded Jetty, Jersey, Guice.
Thanks in advance