Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
9
votes
3 answers

How to implement row-level security in Java?

I am currently evaluating authentication / authorization frameworks. Apache Shiro seems to be very nice but I am missing row-level security features. E.g. there might be special rows in a database which should only visible and accessible by users…
MRalwasser
  • 15,605
  • 15
  • 101
  • 147
9
votes
2 answers

How to easily implement "who is online" in Grails or Java Application?

I am building a community website in grails (using Apache Shiro for security and authentication system) and I would like to implement the feature "who is online?". This url http://cksource.com/forums/viewonline.php (see snapshot below if you do not…
fabien7474
  • 16,300
  • 22
  • 96
  • 124
9
votes
2 answers

Shiro: how does remember me work?

I've got few questions about Shiro's remember me feature: Why does Shiro generate different "remember me" token values for the same account on each login? Would a hacker be able to generate a "remember me" token for any account if I use the default…
fedor.belov
  • 22,343
  • 26
  • 89
  • 134
9
votes
2 answers

NoSuchMethodError: org.slf4j.helpers.MessageFormatter.format

I'm getting this error when running my application: [ERROR] Apr 12, 2013 10:18:56 AM com.google.appengine.tools.development.ApiProxyLocalImpl log [ERROR] INFO: javax.servlet.ServletContext log: Initializing Shiro environment [ERROR] 1601 [main] INFO…
quarks
  • 33,478
  • 73
  • 290
  • 513
9
votes
2 answers

Apache Shiro and SSO

Apache Shiro is a Java security framework and support SSO. And I have multiple sub-domains, each of which has separate application running. How can I use Apache Shiro web filters(or any other) to provide single sign on. Should I need a SSO server or…
user1651520
8
votes
1 answer

Shiro in a multi-threaded environment

The basic way that I understand Shiro's SecurityUtils.getSubject() to work is that it returns the subject which is bound to the currently executing thread. However, this just seems at odds with a servlet container like Tomcat which is using a…
sma
  • 9,449
  • 8
  • 51
  • 80
8
votes
1 answer

Multi tenancy in Shiro

We are evaluating Shiro for a custom Saas app that we are building. Seems like a great framework does does 90% of what we want, out of the box. My understanding of Shiro is basic, and here is what I am trying to accomplish. We have multiple…
aks
  • 255
  • 3
  • 15
8
votes
1 answer

Instance level access control in Apache Shiro

I found really a flexible security framework Apache Shiro. I successfully implemented authentication and authorization using Shiro. One of appealing features of the framework is instance based security. I just copied example from Shiro website.…
Chir
  • 671
  • 1
  • 10
  • 29
8
votes
1 answer

Apache Shiro & Java Security for Novices

I know next-to-nothing about Java's security model, including XML configuration, policy-setting, any security framework components, tools (such as keystore, etc.) and everything in between. Although I understand it will eventually become essential…
IAmYourFaja
  • 55,468
  • 181
  • 466
  • 756
8
votes
1 answer

Configuring Apache Shiro with Google Guice Servlet

I'm starting to use Guice/Shiro instead of Spring/Spring Security. I have looked examples from Shiro site, and all configuration examples are made as INI-file examples. Is it possible to configure Shiro in plain Java, as Guice Servlets are meant to…
newbie
  • 24,286
  • 80
  • 201
  • 301
8
votes
1 answer

Shiro LDAP Authorization config

Could you please help me with the following situation? Background information: I'm using the Vaadin framework. I'm using the Java security framework Shiro I'm using ssl. Authentication works. Username syntax = pietj@.lcl , jank@.lcl memberOf…
user3711448
  • 81
  • 1
  • 3
8
votes
3 answers

Restful Web service Authentication and Authorization with Apache Shiro

I am able to authenticate web based application using apache shiro through databases using JDBC relam. Further more, I am successively able to make the use of Shiro-Filters to grant access for particular web-resource or http urls using Shiro…
Prem Singh Bist
  • 1,273
  • 5
  • 22
  • 37
8
votes
3 answers

What makes nimble better than shiro?

What makes nimble a better choice than shiro? I'm trying to decide between nimble and shiro for a new grails project right now and I'm curious what makes nimble the better choice.
Brandon
  • 2,900
  • 1
  • 23
  • 36
8
votes
1 answer

Shiro expired session handling

My standalone application uses Shiro for security management. I am encountering a problem with expired sessions. If a user session gets expired and when I try to log the user back in I get the following exception. Could anybody…
Amar Sosa
  • 83
  • 1
  • 3
8
votes
1 answer

Configuring Shiro to allow anonymous access to resource folders (JS, CSS etc)

I'm having a problem configuring Apache Shiro to disable anonymous access to all pages except /js and /resources because that breaks the site design and layout before the user is logged in. My current shiro-context.xml file has the following…
Vex
  • 1,179
  • 3
  • 15
  • 24
1 2
3
83 84