annotations doesn't take effect, please help to have a look

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

annotations doesn't take effect, please help to have a look

yuwei

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

Laszlo Hornyak
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

yuwei

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

Tamás Cservenák
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

yuwei

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

lprimak
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

Tamás Cservenák
Nice work Lenny! 
This one should be added to the Shiro Integrations page...

Briaaaaan!


Thanks,
T

On Sat, Jun 3, 2017 at 8:28 PM Lenny Primak <[hidden email]> wrote:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

lprimak
Thanks!
I should document it a bit more. It's quite a nice toolset especially the prime faces data model stuff

On Jun 3, 2017, at 1:30 PM, Tamás Cservenák <[hidden email]> wrote:

Nice work Lenny! 
This one should be added to the Shiro Integrations page...

Briaaaaan!


Thanks,
T

On Sat, Jun 3, 2017 at 8:28 PM Lenny Primak <[hidden email]> wrote:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

Tamás Cservenák
Lenny,

I _think_ you can create a PR against this repo:

To have it included in list of integrations.

HTH,
T

On Sat, Jun 3, 2017 at 8:49 PM Lenny Primak <[hidden email]> wrote:
Thanks!
I should document it a bit more. It's quite a nice toolset especially the prime faces data model stuff

On Jun 3, 2017, at 1:30 PM, Tamás Cservenák <[hidden email]> wrote:

Nice work Lenny! 
This one should be added to the Shiro Integrations page...

Briaaaaan!


Thanks,
T

On Sat, Jun 3, 2017 at 8:28 PM Lenny Primak <[hidden email]> wrote:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

--
Thanks,
~t~

--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

回复: Re: annotations doesn't take effect, please help to have a look

yuwei
In reply to this post by lprimak

Hi Lenny,
Is there any example to show how flowgix-jee work with jersey application?
Thx,
Jared
Interested in cloud computing,big data processing,linux

2017年6月4日 02:28于 Lenny Primak <[hidden email]>写道:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,

[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]

In servlet app, one method handle http request is as following,

    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

lprimak
If by Jersey you mean Jax-RS, than if you put flowlogix-jee as a dependency the annotations should work as designed.
This was tested in most of the Java EE -compliant application servers (i.e. Payara)

On Jun 3, 2017, at 8:17 PM, Yu Wei <[hidden email]> wrote:

Hi Lenny,
Is there any example to show how flowgix-jee work with jersey application?
Thx,
Jared
Interested in cloud computing,big data processing,linux

2017年6月4日 02:28于 Lenny Primak <[hidden email]>写道:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,


[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]


In servlet app, one method handle http request is as following,


    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~


Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

Brian Demers
Lenny PR please! defiantly something we can add to the integration page!

On Sat, Jun 3, 2017 at 9:20 PM, Lenny Primak <[hidden email]> wrote:
If by Jersey you mean Jax-RS, than if you put flowlogix-jee as a dependency the annotations should work as designed.
This was tested in most of the Java EE -compliant application servers (i.e. Payara)

On Jun 3, 2017, at 8:17 PM, Yu Wei <[hidden email]> wrote:

Hi Lenny,
Is there any example to show how flowgix-jee work with jersey application?
Thx,
Jared
Interested in cloud computing,big data processing,linux

2017年6月4日 02:28于 Lenny Primak <[hidden email]>写道:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,


[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]


In servlet app, one method handle http request is as following,


    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~



Reply | Threaded
Open this post in threaded view
|

Re: annotations doesn't take effect, please help to have a look

lprimak
In reply to this post by Tamás Cservenák
Thank you!
I will do so shortly

On Jun 3, 2017, at 2:09 PM, Tamás Cservenák <[hidden email]> wrote:

Lenny,

I _think_ you can create a PR against this repo:

To have it included in list of integrations.

HTH,
T

On Sat, Jun 3, 2017 at 8:49 PM Lenny Primak <[hidden email]> wrote:
Thanks!
I should document it a bit more. It's quite a nice toolset especially the prime faces data model stuff

On Jun 3, 2017, at 1:30 PM, Tamás Cservenák <[hidden email]> wrote:

Nice work Lenny! 
This one should be added to the Shiro Integrations page...

Briaaaaan!


Thanks,
T

On Sat, Jun 3, 2017 at 8:28 PM Lenny Primak <[hidden email]> wrote:
Take a look at flowlogix-jee 
It integrates with java ee and makes the annotations work

On Jun 3, 2017, at 1:13 PM, Yu Wei <[hidden email]> wrote:

I also noticed that jersey is not officially supported.

Currently I have a web service written with jersey, and need to secure it.

However, shiro-jersey is not updated for almost 3 years and shiro version supported is 1.2.3.


I'm looking for other solutions.


Any advice?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Tamás Cservenák <[hidden email]>
Sent: Sunday, June 4, 2017 2:06:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi there,

and how did you integrate shiro annotations? For those to be picked up, you should use either guice, spring or some "home made" thing...


From "integrations" page
For Jersey, it enlists this

Thanks,
T

On Sat, Jun 3, 2017 at 7:54 PM Yu Wei <[hidden email]> wrote:

I'm using jersey.

shiro version is 1.2.3.


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Laszlo Hornyak <[hidden email]>
Sent: Sunday, June 4, 2017 1:41:51 AM
To: [hidden email]
Subject: Re: annotations doesn't take effect, please help to have a look
 
Hi Yu,

What version of shiro do you use? Are you using the rest resources with spring?

Best regards,
Laszlo

On Sat, Jun 3, 2017 at 7:23 PM, Yu Wei <[hidden email]> wrote:

Hi guys,

I tried to use annotations for authentication/authorization. However, it doesn't work as expected.

Below is shiro.ini,


[main]

# basic authentication
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# password matcher
pwMatcher = org.apache.shiro.authc.credential.PasswordMatcher
pwService = org.apache.shiro.authc.credential.DefaultPasswordService
pwMatcher.passwordService = $pwService

# data source configuration, using JndiObjectFactory to look up the attributes
datasrc = org.apache.shiro.jndi.JndiObjectFactory
datasrc.requiredType = javax.sql.DataSource
datasrc.resourceName = mysql/ustudy
datasrc.resourceRef = true

realm = org.apache.shiro.realm.jdbc.JdbcRealm
realm.permissionsLookupEnabled = true
realm.dataSource = $datasrc
realm.authenticationQuery = select usr_passwd from sec_users where loginname = ?
realm.credentialsMatcher = $pwMatcher

securityManager.realms = $realm

[users]

[roles]

[urls]
/services/info/list/** = authc, roles[admin]
/services/info/add/** = authcBasic, roles[admin]
/services/info/update/** = authcBasic, roles[admin]
/services/info/delete/** = authcBasic, roles[admin]


In servlet app, one method handle http request is as following,


    @GET
    @RequiresAuthentication
    @RequiresPermissions("list:view")
    @Path("list/{type}/{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public Response getList()


It seems that @RequiresAuthentication and @RequiresPermissions("list:view") do not take effect.


Do I misunderstand anything? Or any error in my code?



Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux




--

EOF
--
Thanks,
~t~

--
Thanks,
~t~

--
Thanks,
~t~