Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
13 votes, 2 answers

Inject CDI managed bean in custom Shiro AuthorizingRealm

In an app I'm building we're using straight Java 6 EE and JBoss (no Spring, etc), with JPA/Hibernate, JSF, CDI and EJBs. I haven't found many good general security solutions (recommendations are welcome), but the best bet I found is Apache…
lostdorje
13 votes, 2 answers

How can I redirect requests to a configured Shiro loginUrl if the user is already authenticated?

I have a webapp using Shiro for authentication. The relevant parts of the web.xml and shiro.ini are: org.apache.shiro.web.env.EnvironmentLoaderListener
alan
12 votes, 1 answer

How to use Shiro for authenticating cookie based or Facebook user?

In my web application, I do not have user registrations/login. What I have is the user account is automatically created when the user visits the site for the first time based on the cookie. How can I use Shiro for this purpose to authenticate such a user (…
ace
12 votes, 3 answers

persistence.xml to import database parameters values from .properties file

Edit: not duplicate but almost. I would like to have my app persistence.xml to be something like
paulochf
12 votes, 1 answer

How to deal with hierarchical roles/permissions using Apache Shiro?

I'm trying to use Apache Shiro framework to secure my web application (UI is based on Vaadin 6). Looked through all the examples on Shiro's site and also googled for hours, but I can't find a clean way to deal with the following…
Sergey Makarov
12 votes, 2 answers

Apache Shiro for securing REST API

I am attempting to integrate Shiro in my Spring MVC application. The authentication is backed by an LDAP server and I am able to successfully authenticate against the LDAP server and obtain a cookie. What I am not able to perform is to then use…
Adil F
12 votes, 3 answers

Shiro complaining "There is no session with id xxx" with DefaultSecurityManager

I'm using Apache Shiro 1.2.0 in a long-running application that reads messages from a queue and takes action. The action taken requires a Shiro authenticated session, so I've implemented an "ActAsAuthenticationToken" and custom credentials…
jhericks
11 votes, 2 answers

Map Shiro's AuthenticationException with Jersey's ExceptionMapper

Preface First of all, my sincerest apologies for this question being extremely long, but I honestly have no idea on how to shorten it, since each part is kind of a special case. Admittedly, I may be blind on this since I am banging my head against…
Markus W Mahlberg
11 votes, 1 answer

Using JDBCRealm to authenticate user with Shiro

I am trying to authenticate a servlet running within Tomcat 6 using Shiro. I have the following shiro.ini file: [main] ps = org.apache.shiro.authc.credential.DefaultPasswordService pm =…
Recurse
11 votes, 2 answers

Is an unbound SecurityManager really an invalid application configuration in Shiro?

I'm adding Apache Shiro to my application and I'm wondering if the following error message is truly accurate: org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager accessible to the calling code, either bound to the…
Ryan J
11 votes, 1 answer

Apache Shiro vs Java EE native APIs

What advantages are there by going to Apache Shiro, and leaving Java EE's native APIs for security and session management? I found that all security roles and sessions can be done in Apache Shiro but the same thing can also be done using Java EE…
satheesh
10 votes, 1 answer

Annotation based security restriction does not work for web socket triggered method calls

I did some research on this, but I couldn't find the solution. I have a class like this @Stateless class ConfigBean { @RequiresRole("administrator") public void reloadConfiguration(){ ...... } } and I have a JAX-RS (jersey) service as…
Kiran Kumar
10 votes, 3 answers

How to authenticate user in Java code with database

I would like to use Apache Shiro with database authentication. But I can't make database design changes. I would like to use my custom SQL command and Java logic to authenticate user. Is this possible? I tried this configuration in…
Peter Penzov
10 votes, 3 answers

JAAS, Spring Security or Apache Shiro

Just a quick question regarding security frameworks in Java. To date JAAS has always been my go-to framework. Yes, people complain that it is very difficult to set up and it requires hooks into your underlying system but it does its job and has the…
user1094865
10 votes, 1 answer

How can I get the cacheManager from Shiro framework in any part of application

How can I get a reference to the cacheManager object in the Shiro framework in any part of my application? For example, I want to remove the old user data that was cached during the removal of a user or updating its permission. Right now I am…
Prakash Bisht