I am writing a service in which I use Shiro for security. I have also incorporated Guice with it. I create the Guice injector in a GuiceServletContextListener:

```java
// Custom Shiro web module with defined realm
new MyShiroWebModule(this.servletContext, "/v1/*"),

// Shiro annotations
new MyAOPModule(),
```

I also bind the Guice Container and GuiceShiroFilter in the JerseyServletModule:

```java
serve("/v1/*").with(GuiceContainer.class, params);
// Adds Shiro filtering
MyShiroWebModule.bindGuiceFilter(binder());
```

But the annotations from Shiro just don't seem to work!

I configure the chains in MyShiroWebModule:

```java
addFilterChain("/v1/res/test", ANON);
addFilterChain("/v1/**", ROLES, AUTHC_BASIC);
```

So if I use the "ROLES" filter then it scans for roles in the AOP manner of:

`@RolesAllowed("SomeFancyRole")` (SEE EDIT)

But I would like to leverage the Guice Shiro AOP functionality. I have tried the base ShiroAOPModule instead of my own; mine is for debugging, to see if the configuration is called.

@User, @Authenticated etc.

How can I incorporate this functionality, as the documentation states that only "adding" the ShiroAOPModule should work out of the box? Thank you in advance.

EDIT:

Turns out that the @RolesAllowed is working thanks to adding:

```java
params.put(PackagesResourceConfig.PROPERTY_RESOURCE_FILTER_FACTORIES, "com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory");
```

in the JerseyServletModule:

```java
serve("/v1/*").with(GuiceContainer.class, params);
```

So the AOP from Shiro is still not filtered.

okipol

1 Answer

You can change it for the standard ShiroAopModule class. It has to be initialized after your ShiroWebModule subclass. This is a snippet to make the ServletModule work with Jersey 1.18.1, Guice 3 and Apache Shiro 1.2.3:

```java
import java.util.HashMap;
import java.util.Map;

import com.google.inject.servlet.ServletModule;
import com.sun.jersey.api.core.PackagesResourceConfig;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import org.apache.shiro.guice.web.GuiceShiroFilter;

// GenericBootstrapConstants, BootstrapPropertiesModule, BootstrapShiroModule and
// ShiroAnnotationsModule are project classes that are not shown in this snippet.
public class BootstrapServletModule extends ServletModule {

    private static final String propertyPackages = GenericBootstrapConstants.JERSEY_PROPERTY_PACKAGES;

    @Override
    protected void configureServlets() {
        super.configureServlets();

        // Get the bootstrapping Properties file
        install(new BootstrapPropertiesModule());

        // Initialize Persistence JPA Unit of Work if present
        //install(new MyUnitOfWorkModule());
        // Initialize Apache Shiro if present
        install(new BootstrapShiroModule(getServletContext()));
        // This allows Shiro AOP annotations: http://shiro.apache.org/java-authorization-guide.html
        install(new ShiroAnnotationsModule());

        Map<String, String> params = new HashMap<String, String>();
        params.put(PackagesResourceConfig.PROPERTY_PACKAGES, propertyPackages);
        // If you had a Persistence Service like JPA Unit of Work you would need to add this PersistFilter also.
        //filter("/*").through(PersistFilter.class);
        // If you had a ShiroWebModule installed above you would need to add this GuiceShiroFilter also.
        filter("/*").through(GuiceShiroFilter.class);
        serve("/rest/*").with(GuiceContainer.class, params);
    }
}
```

Regards

pampanet
  • You can check a sample project here [https://github.com/pabiagioli/shiro-guice-jersey-bootstrap](https://github.com/pabiagioli/shiro-guice-jersey-bootstrap) – pampanet Oct 30 '14 at 15:55
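
The module ordering described in the answer, as an added example that is not code from the question, the answer or the linked project. It assumes Jersey 1.x, Guice 3 and Shiro 1.2.x on the classpath; `ExampleListener`, `ExampleResource` and the demo account are hypothetical names. Guice method interception only applies to objects Guice itself constructs, so the resource class is bound explicitly.

```java
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.servlet.GuiceServletContextListener;
import com.sun.jersey.guice.JerseyServletModule;
import com.sun.jersey.guice.spi.container.servlet.GuiceContainer;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.guice.aop.ShiroAopModule;
import org.apache.shiro.guice.web.ShiroWebModule;
import org.apache.shiro.realm.SimpleAccountRealm;

public class ExampleListener extends GuiceServletContextListener {
    private ServletContext ctx;
    @Override
    public void contextInitialized(ServletContextEvent event) {
        ctx = event.getServletContext();   // ShiroWebModule needs the context
        super.contextInitialized(event);   // this call invokes getInjector()
    }
    @Override
    protected Injector getInjector() {
        return Guice.createInjector(
            new ShiroWebModule(ctx) {
                @Override
                protected void configureShiroWeb() {
                    SimpleAccountRealm realm = new SimpleAccountRealm();
                    realm.addAccount("demo", "change-me", "admin"); // constructed sample account
                    bindRealm().toInstance(realm);
                    addFilterChain("/v1/**", AUTHC_BASIC); // URL-level authentication
                }
            },
            new ShiroAopModule(),   // listed after the web module, as the answer says
            new JerseyServletModule() {
                @Override
                protected void configureServlets() {
                    bind(ExampleResource.class);   // Guice builds it, so interceptors apply
                    ShiroWebModule.bindGuiceFilter(binder());
                    serve("/v1/*").with(GuiceContainer.class);
                }
            });
    }
    @Path("res")
    public static class ExampleResource {
        @GET @Path("admin") @RequiresRoles("admin") // checked by Shiro's method interceptor
        public String adminOnly() { return "ok"; }
    }
}
```

Intercepted classes and methods must be non-final and non-private for Guice AOP to wrap them. When a role check fails, the interceptor throws Shiro's `AuthorizationException`; without an `ExceptionMapper` for it, the exception propagates to the servlet container instead of producing a 403.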