Quantcast

Question about SecurityManager /AuthenticationFilter

classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Question about SecurityManager /AuthenticationFilter

harinath
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Allan C.
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari





Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari






Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari







Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari








Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari









Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari










Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari











Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari












Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari













Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
Hi Brian,

I wanted to add my custom AuthenticationListener to shiro so that I can required logging. As I understand I can get the SecurityManager reference only during user context (RPC in ODL), I am doing this during a RPC invocation.

    org.apache.shiro.mgt.SecurityManager secManager = SecurityUtils.getSecurityManager();
        AuthenticatingSecurityManager absSecMgr = (AuthenticatingSecurityManager)secManager;
        AbstractAuthenticator absAuthenticator = (AbstractAuthenticator)absSecMgr.getAuthenticator();
        absAuthenticator.getAuthenticationListeners().add(new XceedAuthenticationListener());


It doesn't sound right to me as multiple calls will result in duplicate listeners. is there any easier option.

Since ODL AAA is initializing shiro, other option I have is to bundle my code along with AAA but I want to avoid that.

Thanks
Hari


On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[hidden email]> wrote:
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari














Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
You only need to be in the context of a request if you are dealing with a user's request.

You _could_ just get the SecurityManager from 'WebUtils.getRequiredWebEnvironment()' (assuming Shiro has already been initialized).  You could also just move all of this configuration into your shiro.ini file.

On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

I wanted to add my custom AuthenticationListener to shiro so that I can required logging. As I understand I can get the SecurityManager reference only during user context (RPC in ODL), I am doing this during a RPC invocation.

    org.apache.shiro.mgt.SecurityManager secManager = SecurityUtils.getSecurityManager();
        AuthenticatingSecurityManager absSecMgr = (AuthenticatingSecurityManager)secManager;
        AbstractAuthenticator absAuthenticator = (AbstractAuthenticator)absSecMgr.getAuthenticator();
        absAuthenticator.getAuthenticationListeners().add(new XceedAuthenticationListener());


It doesn't sound right to me as multiple calls will result in duplicate listeners. is there any easier option.

Since ODL AAA is initializing shiro, other option I have is to bundle my code along with AAA but I want to avoid that.

Thanks
Hari


On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[hidden email]> wrote:
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari















Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
Thanks Brian,

My observation is that even  SecurityUtils.getSecurityManager(); is working in user context only, I tried placing it in the constructor of my RPC provider class but of no luck. yes i see shiro getting intialized in the before my module as per the logs of ODL.

I wanted to move this to shiro.ini but do not know how I can make my class accessible during shiro initialization (I don't want to make changes to ODL aaa module). I know this is not specific to shiro but do you suggest anything for me to achieve this? 

WebUtils.getRequiredWebEnvironment() needs servlet context as input and I don't see it in my ODL module, so might not be able to use it.




On Wed, Nov 2, 2016 at 6:16 AM, Brian Demers <[hidden email]> wrote:
You only need to be in the context of a request if you are dealing with a user's request.

You _could_ just get the SecurityManager from 'WebUtils.getRequiredWebEnvironment()' (assuming Shiro has already been initialized).  You could also just move all of this configuration into your shiro.ini file.

On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

I wanted to add my custom AuthenticationListener to shiro so that I can required logging. As I understand I can get the SecurityManager reference only during user context (RPC in ODL), I am doing this during a RPC invocation.

    org.apache.shiro.mgt.SecurityManager secManager = SecurityUtils.getSecurityManager();
        AuthenticatingSecurityManager absSecMgr = (AuthenticatingSecurityManager)secManager;
        AbstractAuthenticator absAuthenticator = (AbstractAuthenticator)absSecMgr.getAuthenticator();
        absAuthenticator.getAuthenticationListeners().add(new XceedAuthenticationListener());


It doesn't sound right to me as multiple calls will result in duplicate listeners. is there any easier option.

Since ODL AAA is initializing shiro, other option I have is to bundle my code along with AAA but I want to avoid that.

Thanks
Hari


On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[hidden email]> wrote:
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari
















Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I just took a quick look at the AAA doc, it does look like adding a custom Realm is listed there ( I know you are not working on a Realm, but the classpath issues would be the same ).  I suggest asking on the ODL irc or mailing list.  

Keep us posted!

On Wed, Nov 2, 2016 at 4:44 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks Brian,

My observation is that even  SecurityUtils.getSecurityManager(); is working in user context only, I tried placing it in the constructor of my RPC provider class but of no luck. yes i see shiro getting intialized in the before my module as per the logs of ODL.

I wanted to move this to shiro.ini but do not know how I can make my class accessible during shiro initialization (I don't want to make changes to ODL aaa module). I know this is not specific to shiro but do you suggest anything for me to achieve this? 

WebUtils.getRequiredWebEnvironment() needs servlet context as input and I don't see it in my ODL module, so might not be able to use it.




On Wed, Nov 2, 2016 at 6:16 AM, Brian Demers <[hidden email]> wrote:
You only need to be in the context of a request if you are dealing with a user's request.

You _could_ just get the SecurityManager from 'WebUtils.getRequiredWebEnvironment()' (assuming Shiro has already been initialized).  You could also just move all of this configuration into your shiro.ini file.

On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

I wanted to add my custom AuthenticationListener to shiro so that I can required logging. As I understand I can get the SecurityManager reference only during user context (RPC in ODL), I am doing this during a RPC invocation.

    org.apache.shiro.mgt.SecurityManager secManager = SecurityUtils.getSecurityManager();
        AuthenticatingSecurityManager absSecMgr = (AuthenticatingSecurityManager)secManager;
        AbstractAuthenticator absAuthenticator = (AbstractAuthenticator)absSecMgr.getAuthenticator();
        absAuthenticator.getAuthenticationListeners().add(new XceedAuthenticationListener());


It doesn't sound right to me as multiple calls will result in duplicate listeners. is there any easier option.

Since ODL AAA is initializing shiro, other option I have is to bundle my code along with AAA but I want to avoid that.

Thanks
Hari


On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[hidden email]> wrote:
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari

















Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
Brian,

ODL is bundling the shiro and odl aaa  modules together as a feature so I think that makes the class path issue not to be there. If I have to do something similar, I have skip odl-aaa-shiro feature and create my own very similar to this one.


    <!-- odl-aaa-shiro feature which combines all aspects of AAA into one feature -->
    <feature name='odl-aaa-shiro' description='OpenDaylight :: AAA :: Shiro'
             version='${project.version}'>

        <!-- OSGI -->
        <bundle>mvn:org.apache.felix/org.apache.felix.dependencymanager/{{VERSION}}</bundle>
        <bundle>mvn:org.apache.felix/org.apache.felix.metatype/{{VERSION}}</bundle>

        <!-- Existing AAA infrastructure -->
        <feature version='${project.version}'>odl-aaa-authn</feature>

        <bundle>mvn:org.apache.shiro/shiro-web/{{VERSION}}</bundle>
        <bundle>mvn:org.apache.shiro/shiro-core/{{VERSION}}</bundle>

        <bundle>mvn:com.google.guava/guava/{{VERSION}}</bundle>
        <bundle>wrap:mvn:javax.annotation/javax.annotation-api/{{VERSION}}</bundle>
        <bundle>wrap:mvn:com.google.code.findbugs/jsr305/{{VERSION}}</bundle>
        <bundle>wrap:mvn:commons-codec/commons-codec/{{VERSION}}</bundle>
        <bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.resourceserver/{{VERSION}}</bundle>
        <bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.authzserver/{{VERSION}}</bundle>
        <bundle>wrap:mvn:org.apache.oltu.oauth2/org.apache.oltu.oauth2.common/{{VERSION}}</bundle>
        <bundle>wrap:mvn:org.json/json/{{VERSION}}</bundle>
        <bundle>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-beanutils/{{VERSION}}</bundle>
        <bundle>mvn:org.opendaylight.aaa/aaa-shiro/{{VERSION}}</bundle>

        <!-- AAA configuration file -->
        <configfile finalname="/etc/shiro.ini">mvn:org.opendaylight.aaa/aaa-shiro/{{VERSION}}/cfg/configuration</configfile>
    </feature>

On Thu, Nov 3, 2016 at 8:00 AM, Brian Demers <[hidden email]> wrote:
I just took a quick look at the AAA doc, it does look like adding a custom Realm is listed there ( I know you are not working on a Realm, but the classpath issues would be the same ).  I suggest asking on the ODL irc or mailing list.  

Keep us posted!

On Wed, Nov 2, 2016 at 4:44 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks Brian,

My observation is that even  SecurityUtils.getSecurityManager(); is working in user context only, I tried placing it in the constructor of my RPC provider class but of no luck. yes i see shiro getting intialized in the before my module as per the logs of ODL.

I wanted to move this to shiro.ini but do not know how I can make my class accessible during shiro initialization (I don't want to make changes to ODL aaa module). I know this is not specific to shiro but do you suggest anything for me to achieve this? 

WebUtils.getRequiredWebEnvironment() needs servlet context as input and I don't see it in my ODL module, so might not be able to use it.




On Wed, Nov 2, 2016 at 6:16 AM, Brian Demers <[hidden email]> wrote:
You only need to be in the context of a request if you are dealing with a user's request.

You _could_ just get the SecurityManager from 'WebUtils.getRequiredWebEnvironment()' (assuming Shiro has already been initialized).  You could also just move all of this configuration into your shiro.ini file.

On Tue, Nov 1, 2016 at 6:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

I wanted to add my custom AuthenticationListener to shiro so that I can required logging. As I understand I can get the SecurityManager reference only during user context (RPC in ODL), I am doing this during a RPC invocation.

    org.apache.shiro.mgt.SecurityManager secManager = SecurityUtils.getSecurityManager();
        AuthenticatingSecurityManager absSecMgr = (AuthenticatingSecurityManager)secManager;
        AbstractAuthenticator absAuthenticator = (AbstractAuthenticator)absSecMgr.getAuthenticator();
        absAuthenticator.getAuthenticationListeners().add(new XceedAuthenticationListener());


It doesn't sound right to me as multiple calls will result in duplicate listeners. is there any easier option.

Since ODL AAA is initializing shiro, other option I have is to bundle my code along with AAA but I want to avoid that.

Thanks
Hari


On Mon, Oct 31, 2016 at 3:49 PM, Harinath Mallepally <[hidden email]> wrote:
I think it was my mistake.  It was my addition of shiro-core into maven bundle-plugin, that might have resulted in the behavior i observed, I removed it and it worked fine. 


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>*</Import-Package>
<Embed-Dependency>...,shiro-core</Embed-Dependency>
</instructions>
<manifestLocation>${project.basedir}/META-INF</manifestLocation>
</configuration>
</plugin>

Thanks
Hari


On Mon, Oct 31, 2016 at 7:12 AM, Brian Demers <[hidden email]> wrote:
I know a portion of opendaylight is async, so you _may_ need to configure the static instance of the SecurityManager, But from the stack trace, I do NOT see the Shiro filter. Take a look at http://shiro.apache.org/web.html to see what you would need in your web.xml

Let us know how it goes.

On Fri, Oct 28, 2016 at 6:09 PM, Harinath Mallepally <[hidden email]> wrote:

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari


















Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

harinath
In reply to this post by Brian Demers
Hi Brian,
I know it is not directly related with shiro, but trying to see how do I configure this property in karaf? 
staticSecurityManagerEnabled


Thanks
Hari

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari











Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about SecurityManager /AuthenticationFilter

Brian Demers
I'm not sure, but I'm guessing you will run into classloader issues with a static instance.

Do you have an example project (something simple that can be used to illustrate the point)? Maybe that will help others as well.

-Brian

On Fri, Dec 9, 2016 at 4:58 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,
I know it is not directly related with shiro, but trying to see how do I configure this property in karaf? 
staticSecurityManagerEnabled


Thanks
Hari

On Fri, Oct 28, 2016 at 2:41 PM, Brian Demers <[hidden email]> wrote:
I'd need to see a bit more of the stacktrace. But i'm guessing your call is not in the context of a request.  If that is the case you would need to enable the static instance of the SecurityManager.

See the note about 'staticSecurityManagerEnabled'  in:

On Fri, Oct 28, 2016 at 4:56 PM, Harinath Mallepally <[hidden email]> wrote:
Hi Brian,

it is same error , looks like something is wrong.

org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
at org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:627)
at org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56)


couldn't figure it out. any thoughts?



On Fri, Oct 28, 2016 at 10:37 AM, Harinath Mallepally <[hidden email]> wrote:
in both cases. I understand that it needs a user context and during application start, this error makes sense. 

it failed in RPC requests, i expected it to work.
i saw this working fine earlier, might be something got messed up. will do clean build and try again. 


On Thu, Oct 27, 2016 at 5:54 PM, Brian Demers <[hidden email]> wrote:
Where is that method getting called from? Is it from the context of a request or while your application is starting ?


On Thu, Oct 27, 2016 at 7:02 PM, Harinath Mallepally <[hidden email]> wrote:
Thanks for the response.

I tried this way, but results in with error. any thoughts on how do I get handle on this? It looks like something is wrong with configuration or so.

 private void setListener(){

        try {
            //TODO temp code, remove it
            AuthenticatingSecurityManager securityMgr = (AuthenticatingSecurityManager) SecurityUtils.getSecurityManager();

            System.out.println(securityMgr);

            AbstractAuthenticator authentication = (AbstractAuthenticator) securityMgr.getAuthenticator();

            authentication.getAuthenticationListeners().add(new CustomAuthenticationListener());
        }catch(Exception e){
            LOG.error("error {}", e);
        }
    }
but resulted in with this

 error {}
org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the org.apache.shiro.util.ThreadContext or as a vm static singleton.  This is an invalid application configuration.
at org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)

.........

On Thu, Oct 27, 2016 at 12:55 PM, Brian Demers <[hidden email]> wrote:
I'm not sure, but if I had to guess, I would say you need to export your package in your bundles config

On Thu, Oct 27, 2016 at 2:10 PM, Harinath Mallepally <[hidden email]> wrote:
yes, I am using shiro.ini, my problem is  my class is not being identified in karaf (doing it with opendaylight), didn't know how to add my class into classpath without modifying ODL  feature.



On Thu, Oct 27, 2016 at 8:13 AM, Brian Demers <[hidden email]> wrote:
I you are using a shiro.ini just stick your filter in the [main] section.

For example:

[main]
...
myFilter = com.foo.bar.MyWickedCoolFilter

[urls]
/path/* = myFilter
# or possibly
/another/path/* = myFitler[anOption]




On Wed, Oct 26, 2016 at 7:50 PM, Allan C. <[hidden email]> wrote:
There's a SecurityUtils class that can access the static SecurityManager object.

Regards,
Allan C.

On Thu, Oct 27, 2016 at 6:15 AM, Harinath Mallepally <[hidden email]> wrote:
Hi,

is it possible to get reference of SecurityManager so that a custom AuthenticationFilter can be added?


Please let me know

Thanks
Hari












12
Loading...