Integrate Struts2 with Shiro

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Integrate Struts2 with Shiro

Ken McWilliams
I'm working on integrating Struts2 with Shiro. I haven't used Shiro in any projects yet, so my knowledge is pretty limited, although I have downloaded and examined the quick start application and have read quite a bit of the documentation on the web site [all the main sections and am going over some of the web integration and spring integration examples although I don't think they suite my needs].

I would really like to see this work done by Alan Cabrera (http://grokbase.com/t/shiro/dev/10a7bd7pbn/struts2-integration), it mentions a "sandbox" but I couldn't find this on the shiro site or github... It was back in 2010.

What I'm looking to do, or think I should be doing is creating a custom SessionDAO. I'll have a user login and store the User in the sessions as "shiro-user" then it should be simply a matter of using Struts2's thread local to get at it [ActonContext.getContext().getSession()] where ever there would be direct access to the HTTPSession.

I am partial to programmatic configuration over the ini file (I just want to get a feel for things and the IDE will help me there a bit, afterwards I can get lazy).

For various reasons I would rather use shiro as per the non-web examples (filtering based on url is not required), the security checks will be done in the code.

To simplify setup I've started off by using the shiro.ini that is part of "Apache Shiro :: Samples :: Quick Start". 

Any advice? A link to that sturts2-shiro integration done by Alan would be interesting too.
Reply | Threaded
Open this post in threaded view
|

Re: Integrate Struts2 with Shiro

Brian Demers


On Sat, Jun 17, 2017 at 2:03 PM, Ken McWilliams <[hidden email]> wrote:
I'm working on integrating Struts2 with Shiro. I haven't used Shiro in any projects yet, so my knowledge is pretty limited, although I have downloaded and examined the quick start application and have read quite a bit of the documentation on the web site [all the main sections and am going over some of the web integration and spring integration examples although I don't think they suite my needs].

I would really like to see this work done by Alan Cabrera (http://grokbase.com/t/shiro/dev/10a7bd7pbn/struts2-integration), it mentions a "sandbox" but I couldn't find this on the shiro site or github... It was back in 2010.

You can check the svn history of the sandbox: https://svn.apache.org/repos/asf/shiro/sandbox/, (r1029443)
 
What I'm looking to do, or think I should be doing is creating a custom SessionDAO. I'll have a user login and store the User in the sessions as "shiro-user" then it should be simply a matter of using Struts2's thread local to get at it [ActonContext.getContext().getSession()] where ever there would be direct access to the HTTPSession.

I am partial to programmatic configuration over the ini file (I just want to get a feel for things and the IDE will help me there a bit, afterwards I can get lazy).

+1, Other integrations (Spring-Boot, Guice, etc) are the same way
 

For various reasons I would rather use shiro as per the non-web examples (filtering based on url is not required), the security checks will be done in the code.

You may still need to insert Shiro info the filter chain, but I'm not familiar with how Struts handles sessions. 
 

To simplify setup I've started off by using the shiro.ini that is part of "Apache Shiro :: Samples :: Quick Start". 

Any advice? A link to that sturts2-shiro integration done by Alan would be interesting too.

Put anything you have in a github repo (even if it starts as just hacking things up) if you get stuck kick this thread with a pointer to your code and we should be able to get you un-stuck.

Keep us posted!
-Brian