silb / shiro-jersey Goto Github PK

Do you think you could release this to Maven central or some other Maven repository?

Jakarta EE 9 is out already along with stable versions of the two most popular containers - Tomcat 10 and Jetty 11. shiro-jersey internally still uses javax (e.g. import javax.ws.rs.core.Response in ShiroExceptionMapper) so it is incompatible with an application that runs on these two containers. It would be nice to release a new version that is compatible with them. Unfortunately a single version cannot be made compatible with both the "old" javax and the "new" jakarta namespaces so perhaps a new major version should be released.

The migration is simple enough - just depend on the new artifact versions and rename the imports from javax.* to jakarta.*.

cc @silb

Love this library - we were wondering if you have plans to upgrade it for Jersey 2 in DropWizard 0.8.0.

Hi,

Thanks for your contributions about shiro and jersey.

when i used shiro-jersey, i have got this exceptions below, what shoud i do to let server not throw this exception thanks!

org.apache.shiro.authz.UnauthorizedException: Subject does not have permission [oilareacode:update]
at org.apache.shiro.authz.ModularRealmAuthorizer.checkPermission(ModularRealmAuthorizer.java:323)
at org.apache.shiro.mgt.AuthorizingSecurityManager.checkPermission(AuthorizingSecurityManager.java:137)
at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205)
at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74)
at org.secnod.shiro.jersey.AuthorizationFilter.filter(AuthorizationFilter.java:60)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:297)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:288)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1110)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:401)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:386)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:222)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:722)

Move from silb/dropwizard-shiro#13.

When you send a POST request to a URL different than the one you're on, the browser first sends an OPTIONS request, without login cookies or anything. Shiro deflects this as an unauthorized request. I read that the correct handling is to pass OPTIONS requests without checking authorization. How can I do that, using this library?

The IniShiroFilter referred to in the setup instructions has been deprecated

Hi,
My app is restful web service integrated with jersey and running on tomcat.
I tried to use shiro-jersey to enable authentication and authorization.
However, after configure [urls] in shiro.ini, it seemed it didn't take effect.
I guessed I missed something, so I asked here for help.

I found following example,
public class ApiApplication extends ResourceConfig {
public ApiApplication() {
register(new AuthorizationFilterFeature());
register(new SubjectFactory());
register(new AuthInjectionBinder());
}
}

Where should I do the similar thing in my web app?
I tried to add the following code into the entry point for web application,
@path("/")
@RequiresAuthentication
public class InfoCenter extends ResourceConfig {
public InfoCenter() {
initDataSource();
register(new AuthorizationFilterFeature());
register(new SubjectFactory());
register(new AuthInjectionBinder());
register(new ShiroExceptionMapper());
}

This class has some methods to handle http requests and below annotations are added to them,
@RequiresAuthentication
@RequiresPermissions("list:view")
And the shiro.ini is as below,
/services/info/list/student/* = authc, roles[admin]
/services/info/add/** = authc, roles[admin]
/services/info/update/** = authc, roles[admin]
/services/info/delete/** = authc, roles[admin]

However, it didn't work.
Could you help to have a look?

Thanks.

Hi silb,

I found that after upgrading Jersey from 2.25.1 to 2.26-b06, the interface ValueFactoryProvider is removed from the jar of Jersey. This cause an issue with this lib.

Thanks

The group is org.secnod.shiro, is it supposed to be second?
Great plugin, I wrote my own filters and am replacing them with yours.

Hi,

I have found your library quite helpful. I want to use it in my app. My requirement is bit different though. I want to secure my rest services which will be used in both javascript client and mobile application client. So I want a common authentication point for them.I couldn't find how we would login using this library. Can you please help me how can I achieve it. My software stack trace is
Embedded Jetty , Jersey , Guice.

Thanks In advance