Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
4
votes
1 answer

how to know that session with associate with subject is expired or not in java shiro

i am implmenting the java shiro for security.i need to return the message when session is expired and if session is not expired then i need to return different message like un Authenticate user. This is my code. @GET @Path("/{userId}") public…
user2549122
  • 203
  • 1
  • 5
  • 18
4
votes
2 answers

Different Permissions in Apache Shiro for every User?

I built a database with the entity user and permission user (id, email, password, permission) permission (id, create_user, delete_user, user_fk) create_user and delete_user is BOOLEAN. Relationship: One-One Now every user can have it's own…
internet
  • 385
  • 1
  • 8
  • 27
4
votes
1 answer

Apache shiro: Use ldap for user authentication and database for roles/permissions?

we just started with apache shiro and it works fine in a simple jdbc or ldap based environment. Be our requirements are the following: Authentication of the users agains a ldap server Roles+Permissions should be stored inside a database Has anyone…
André Schild
  • 4,592
  • 5
  • 28
  • 42
4
votes
4 answers

How to configure grails and shiro to mark cookies secure?

I'm using Grails 2.2.4 with the Shiro plugin 1.1.4 and would like to mark the cookies as secure so the session information won't be sent over http. I'm looking for the grails way to set this setting, which normally would be in…
Jay Prall
  • 5,295
  • 5
  • 49
  • 79
4
votes
2 answers

Apache shiro Property 'sessionManager.globalSessionTimeout' does not exist

I am facing another problem when I try to set session timeout in shiro.ini like this: securityManager.sessionManager.globalSessionTimeout = 3600000 I get an exception: 11:19:44,363 INFO [stdout] (MSC service thread 1-4) …
Rahat ALi
  • 61
  • 2
  • 4
4
votes
1 answer

How to use GWT with Apache Shiro hashed and salted

In this small tutorial I show you how to build a GWT Module which is responsible for registration and login. The password gets hashed with Sha256 and salted.
Philipp Hofmann
  • 3,388
  • 26
  • 32
4
votes
2 answers

Apache Shiro: redirect me to login page

When I try to access some protected page like the writerPage, Shiro keep redirecting me to the loging Page This is the shiro.ini file [users] admin = p mike = p, reader, writer joe = p, writer [urls] /success/** = authc /writer/** = authc And…
Asme Just
  • 1,287
  • 5
  • 27
  • 42
4
votes
0 answers

shiro - "Error listenerStart" error while starting

I am trying to integrate Shiro based on an excellent article penned by BalusC in my application. I added required JAR files (shiro-core-1.2.1.jar, shiro-web-1.2.1.jar, slf4j-api-1.7.5.jar and slf4j-simple-1.7.5.jar). Also modified web.xml. and added…
user1250720
  • 363
  • 1
  • 5
  • 17
4
votes
3 answers

Unable to @Inject my DAO in a Custom Apache Shiro AuthorizingRealm

I'm trying to inject my UserDAO inside my custom AuthorizingRealm that Apache Shiro is using but... I get null. What am I doing wrong? shiro.ini [main] user = demo.shiro.security.FacesAjaxAwareUserFilter realmA =…
BBacon
  • 2,456
  • 5
  • 32
  • 52
4
votes
2 answers

Grails Security without database implementation

I'm developing a web application with Grails 2.2.0 which does all actions through an implemented API which is calling another backend server. This means, that all things, even the authentication and all related things, are done through the API and…
herom
  • 2,532
  • 29
  • 41
4
votes
1 answer

Shiro-Guice Filter Chain Roles Configuration

How can I configure the Roles in the addFilterChain Method?? in the INI file it is something like [url] /secure/** = authc, roles[admin] How would it be in the Java method? addFilterChain("/secure/**", ROLES);
user1967277
4
votes
1 answer

Apache Shiro: Exception-Handling with Multiple Realms

We are using two realms (one for hashed passwords, the other one for generated plaintext keys) - this is working as expected. With a single realm, we could throw a DisabledAccountException exception in our realm's protected AuthenticationInfo…
xeraa
  • 10,456
  • 3
  • 33
  • 66
4
votes
1 answer

Integrate Apache Shiro Security Library with Dropwizard based JAX-RS application

I am trying to change Dropwizard to support Shiro. I have read documentation and am little puzzled. I would like to utilize Shiro in conjunction with form login authentication and Apache Shiro Annotations. I think that I need to use Jersey Filters…
Cemo
  • 5,370
  • 10
  • 50
  • 82
4
votes
1 answer

How Do I Authenticate a User With Shiro?

I've gone over and over on how to have a user login with Shiro, but it still seems like a vital piece is missing: How does shiro authenticate a given username and password against stored usernames and passwords? The most I've figured out is It is…
Jesse Jashinsky
  • 10,313
  • 6
  • 38
  • 63
4
votes
2 answers

Securing EJBs with Apache Shiro possible?

I want to know if I can use Apache Shiro to secure the business tier of an (container managed) Java EE application. I'm asking because I haven't found any examples but only statements like "it works in web, EJB, and IoC environments". Apache Shiro,…
tsh
  • 303
  • 1
  • 3
  • 12
1 2 3
83 84