JAX-RS annotations not working

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

JAX-RS annotations not working

Joerg Schoenfisch
Hi all,

I'm trying to use Shiro to secure a Jersey application. However, the @RequiresAuthentication and @RequiresUser annotations seem to be simply ignored.
I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no other filters are defined. Login and session handling work fine. But when I call a method that uses those annotations, it is not checked whether the subject is authenticated. The method is called although SecurityUtils.getSubject().isAuthenticated() == false.
Basically my setup is similar to here: https://stackoverflow.com/questions/47548066/requiresroles-annotation-not-working-in-shiro
I'm just using Shiro 1.4

Am I missing an essential part of the configuration?


Best,
Joerg

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: JAX-RS annotations not working

Joerg Schoenfisch
I just realized that I also need to run some AOP processor in my build...

I also found the following project which works nicely for Jersey applications, maybe something like this can be directly included in the ShiroFilter: https://github.com/silb/shiro-jersey


Best


> Am 21.12.2017 um 14:13 schrieb Joerg Schoenfisch <[hidden email]>:
>
> Hi all,
>
> I'm trying to use Shiro to secure a Jersey application. However, the @RequiresAuthentication and @RequiresUser annotations seem to be simply ignored.
> I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no other filters are defined. Login and session handling work fine. But when I call a method that uses those annotations, it is not checked whether the subject is authenticated. The method is called although SecurityUtils.getSubject().isAuthenticated() == false.
> Basically my setup is similar to here: https://stackoverflow.com/questions/47548066/requiresroles-annotation-not-working-in-shiro
> I'm just using Shiro 1.4
>
> Am I missing an essential part of the configuration?
>
>
> Best,
> Joerg


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: JAX-RS annotations not working

Brian Demers
That was one of the features added to 1.4.0
org.apache.shiro:shiro-jaxrs:1.4.0
It isn't dependent on jersey, it is a portable extension (heavily based on Stig Inge Lea Bjørnsen's work)


On Thu, Dec 21, 2017 at 9:01 AM, Joerg Schoenfisch <[hidden email]> wrote:
I just realized that I also need to run some AOP processor in my build...

I also found the following project which works nicely for Jersey applications, maybe something like this can be directly included in the ShiroFilter: https://github.com/silb/shiro-jersey


Best


> Am 21.12.2017 um 14:13 schrieb Joerg Schoenfisch <[hidden email]>:
>
> Hi all,
>
> I'm trying to use Shiro to secure a Jersey application. However, the @RequiresAuthentication and @RequiresUser annotations seem to be simply ignored.
> I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no other filters are defined. Login and session handling work fine. But when I call a method that uses those annotations, it is not checked whether the subject is authenticated. The method is called although SecurityUtils.getSubject().isAuthenticated() == false.
> Basically my setup is similar to here: https://stackoverflow.com/questions/47548066/requiresroles-annotation-not-working-in-shiro
> I'm just using Shiro 1.4
>
> Am I missing an essential part of the configuration?
>
>
> Best,
> Joerg