Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions

4 votes, 1 answer

Retrieving Shiro Principals

NOTE: Due to subsequent research this question has been completely restructured. I am trying to retrieve values from Shiro's subject PrincipalCollection. I have added two principals to the collection. Username and UUID. When I try to recall these I…
tarka

4 votes, 3 answers

Java – efficient, database-aware instance-level authorization?

In a JPA app I have a scenario in which the app is to list all accounts the given user is authorized to withdraw from. I have the Account entity and a many-to-many table that lists what authorizations each user has on each account – to implement…
giorgiga

4 votes, 6 answers

Spring MongoDB and Apache Shiro

I am attempting to use Apache Shiro with Spring and MongoDB. I am using Spring Data Repositories which are autowired. I have created my own custom realm for Shiro which uses a Spring Data repository to talk to Mongo: public class PlatformRealm…
SoWeLie

4 votes, 2 answers

Shiro Authorization populate authorization with remote roles

I'm using Tapestry-Security, which uses Apache Shiro. I have a custom realm which handles authorization and authentication. Our authentication technically happens using a remote service, which returns a username and a set of roles. I just pass the…
Code Junkie

3 votes, 1 answer

Implementing an AuthorizingRealm with Grails Shiro plugin

I'm trying to implement an AuthorizingRealm with Grails Shiro plugin. Authentication is done against an Active Directory using the plugin's generated class ShiroLdapRealm. Roles will be maintained inside the application's database. So how can I…
naag

3 votes, 1 answer

How can I use Shiro SSO

How should I configure SSO Shiro in a web application? In my web app I want to access another web app. But I am new to Shiro and having difficulties with SSO. So can anyone help me?

3 votes, 2 answers

how to get/set the salt for a JdbcRealm

I am attempting to use the Shiro JdbcRealm and SHA256 hashedcredentialsMatcher. I need to update a legacy database and assign the appropriate salt for each user (via a batch routine). How do I get/set the salt for a given account using the Shiro…
Fred

3 votes, 2 answers

Shiro: Session already invalidated

I am using Apache Shiro in a web application. The login and authentication check works well, but I have a problem implementing a logout / re-login mechanism: The logout is done in a servlet: private void logout(HttpServletRequest req,…
Michael

3 votes, 1 answer

access control, role and permission in grails

I am working on a grails application for the first time and I now want to protect some pages to be viewed only by admins, and give some permissions to other users. I am using Apache Shiro plugin for grails. My sample code in the bootstrap looks like…
WowBow

3 votes, 1 answer

Small differences in SHA1 hashes

A project I am working on uses Apache Shiro as a security framework. Passwords are SHA1 hashed (no salt, no iterations). Login is SSL secured. However, the remaining part of the application is not SSL secured. In this context (no SSL) there should…
user462982

3 votes, 1 answer

How Can I Configure the SameSite Cookie Attribute in Apache Shiro?

I'm developing an EJB-based webservice using Apache Shiro for user access management. I added the freshly released version 1.5.0 of Apache Shiro to my Maven project to make use of the new sameSite cookie attribute. Then I added the configuration of…
Joe7

3 votes, 2 answers

Hashed and Salted Password is not always the same

I am using Apache Shiro as my security layer in my Spring app and I am encountering a really weird situation. Firstly, this is how my security system is set up. When a user registers their password is hashed with a securely generated random salt.…
Michael Gaylord

3 votes, 1 answer

Calling async methods (Vert.x, Java) from necessarily synchronous ones

We have a set of Java applications that were originally written using normal synchronous methods but have largely been converted to asynchronous Vert.x (the regular API, not Rx) wherever it makes sense. We're having some trouble at the boundaries…
clixtec

3 votes, 1 answer

Hashing and Salting passwords with shiro

In apache shiro the default hash implementation is as follows: MessageDigest digest = getDigest(getAlgorithmName()); if (salt != null) { digest.reset(); digest.update(salt); } byte[] hashed =…
dstarh

3 votes, 1 answer

Apache Shiro And JWT Implementation Problems When Using Different Secret Per User

I am working on an application where I have implemented a Java RESTful backend service with Apache Shiro authentication. I can now get a user to register and log in successfully using password and salt backed by my database. Now I want to improve on…
mixtou