Associating Subject to HttpSession

classic Classic list List threaded Threaded
6 messages Options
ayv
Reply | Threaded
Open this post in threaded view
|

Associating Subject to HttpSession

ayv
This post was updated on .
Hi,

I need to create a custom Subject instance & make it available through out
the user session. I am initializing shiro programmatically. Below is my code:

Factory factory = new IniSecurityManagerFactory("file:shiro.ini");
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);

Authentication is taken care by another application. I only need to take care of
authorization. So I can't do a login manually. All I have access to is
usename & HttpSession. How can I create a shiro Session & associate the Subject with it?

Thanks,
Anil.
Reply | Threaded
Open this post in threaded view
|

Re: Associating Subject to HttpSession

Brian Demers
If you configure the Shiro Filter, the subject will automatically be associated with the session. (you can configure it with annotations, or manually if needed)


On Sun, May 6, 2018 at 3:11 PM, ayv <[hidden email]> wrote:
Hi,I need to create a custom Subject instance & make it available through out
the user session. I am initializing shiro programmatically. Below is my
code:Factory factory = new
IniSecurityManagerFactory("file:shiro.ini");SecurityManager securityManager
=
factory.getInstance();SecurityUtils.setSecurityManager(securityManager);Authentication
is taken care by another application. I only need to take care of
authorization. So I can't do a login manually. All I have access to is
usename & HttpSession. How I can associate the Subject with a
HttpSession?Thanks,Anil.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Reply | Threaded
Open this post in threaded view
|

Re: Associating Subject to HttpSession

Brian Demers
Sorry, I didn't paste the doc link:
https://shiro.apache.org/web.html

On Mon, May 7, 2018 at 10:13 AM, Brian Demers <[hidden email]> wrote:
If you configure the Shiro Filter, the subject will automatically be associated with the session. (you can configure it with annotations, or manually if needed)


On Sun, May 6, 2018 at 3:11 PM, ayv <[hidden email]> wrote:
Hi,I need to create a custom Subject instance & make it available through out
the user session. I am initializing shiro programmatically. Below is my
code:Factory factory = new
IniSecurityManagerFactory("file:shiro.ini");SecurityManager securityManager
=
factory.getInstance();SecurityUtils.setSecurityManager(securityManager);Authentication
is taken care by another application. I only need to take care of
authorization. So I can't do a login manually. All I have access to is
usename & HttpSession. How I can associate the Subject with a
HttpSession?Thanks,Anil.



--
Sent from: http://shiro-user.582556.n2.nabble.com/


ayv
Reply | Threaded
Open this post in threaded view
|

Re: Associating Subject to HttpSession

ayv
Hi Brian,

Thanks for the reply.

I couldn't find how to configure ShiroFilter using annotations or manually
in the doc link. I tried searching but most of the results are related to
spring. My application does not use spring. If you can provide me any
references/code snippets, it will be really helpful. I am a complete novice
in shiro.

Thanks much,
Anil.



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Associating Subject to HttpSession

Brian Demers
What stack are you on? We might be able to give you better directions?

But in general, it is standard Java Servlet / Web App configuration

Dropwizard, for example, doesn't load servlet fragments, to programmatically it looks something like this:

        environment.servlets().addServletListeners(new EnvironmentLoaderListener());
        environment.servlets().addFilter("ShiroFilter", ShiroFilter.class)
                .addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), false, "/*");

Which is the equivalent of the web.xml listed here: https://shiro.apache.org/web.html#web-xml


On Mon, May 7, 2018 at 11:15 AM, ayv <[hidden email]> wrote:
Hi Brian,

Thanks for the reply.

I couldn't find how to configure ShiroFilter using annotations or manually
in the doc link. I tried searching but most of the results are related to
spring. My application does not use spring. If you can provide me any
references/code snippets, it will be really helpful. I am a complete novice
in shiro.

Thanks much,

ayv
Reply | Threaded
Open this post in threaded view
|

Re: Associating Subject to HttpSession

ayv
I tried adding annotations. But I couldn't get it working. The problem is
with the order in which filters are executed. With annotations, there seems
to be no way to define the order of execution. Below is my code.

@WebFilter(urlPatterns = "/*", initParams = { @WebInitParam(name =
"configPath", value = "classpath:shiro.ini") },
dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.FORWARD,
DispatcherType.INCLUDE, DispatcherType.ERROR})
public class MyFilter extends ShiroFilter

Unless we define the filter in web.xml (which is the last option for me), I
dont think this will work. Is there any other way we can associate the
subject to session?

Thanks again for your valuable suggestion.



--
Sent from: http://shiro-user.582556.n2.nabble.com/