Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
8 votes, 4 answers

How to stock and use a shiro's salt from database

I use Shiro in my application for authentication. I use a hashed password with a salt and I store them in my database like this: private User createUserWithHashedPassword(String inName, String inFirstName, String inLastName, String inPassword){ …
Fred37b
8 votes, 3 answers

Shiro: Handling Exceptions thrown by annotations

I am using Shiro annotations to check for authorization like this: @RequiresPermissions("addresses:list") public ModelAndView getCarrierListPage() { return new ModelAndView("addressList", "viewData", viewData); } My…
simplfuzz
7 votes, 2 answers

CacheManager properties have been set- Apache Shiro

How can I set cacheManager properties while using Apache Shiro? On debugging, I am getting INFO like, 80104 [1045903843@qtp-967078155-3] INFO org.apache.shiro.realm.AuthorizingRealm - No cache or cacheManager properties have been set. …
lofa in
7 votes, 6 answers

GORM createCriteria and list do not return the same results : what can I do?

I am using Nimble and Shiro for my security frameworks and I've just come across a GORM bug. Indeed: User.createCriteria().list { maxResults 10 } returns 10 users whereas User.list(max: 10) returns 9 users! After further investigations,…
fabien7474
7 votes, 2 answers

Shiro: Cannot invalidate HttpSession

I have a Shiro session (id=11111) and a http session (id=22222). When I try to invalidate the HttpSession, the wrong id is used. Code: public void logout() { SecurityUtils.getSubject().logout(); // exception is thrown in this…
sinclair
7 votes, 4 answers

Restrict access to java-melody monitoring url

Is there a way I can restrict access to /monitoring url generated by Java-Melody plugin in Grails using Shiro roles? Update: a little bit more details. It's no problem to secure most Grails resources with Shiro. But in case of the java melody…
AverageJoe
7 votes, 1 answer

Understanding how secure/httponly cookie works for java applications

I have been having a behaviour that I can only qualify as weird due to my current level of understanding of this. I have apache version : 2.4.7 on Ubuntu proxying through AJP 1.3 tomcat 7.0.52.0 running a spring application (MVC) with apache shiro…
black sensei
7 votes, 3 answers

Shiro.ini file configuration but in Java class?

I want to know if it's possible to configure Shiro without the shiro.ini file, I mean, instead of using the INI file, what if I need to make the Shiro config to be hardcoded in a Java class?
quarks
7 votes, 1 answer

Shiro, Multi Factor Authentication

Is there a way to implement multi factor authentication in Shiro? Can somebody give me a hint on how to implement this? For more details: The basic idea is, that a user needs to login just as usual, using username and password, but before being…
RedSonja
7 votes, 2 answers

Centralized API provider - oAuth or not?

I am a bit lost with the overflow of information and I need some guidance on the best way I can support providing APIs access only to trusted clients. Current environment: We currently have a centralized server that handles user…
SiN
6 votes, 1 answer

Apache Shiro integration and Netty ExecutionHandler/OrderedMemoryAwareThreadPoolExecutor

I just added an ExecutionHandler to my server pipeline just before my main business logic handler as recommended in the documentation. I am using Apache Shiro http://shiro.apache.org/ for security. It worked fine until I added the ExecutionHandler.…
Matt Friedman
6 votes, 1 answer

How to use a shiro native session in a grails web application?

Currently, I am using the default HttpSession object in both controllers and gsp pages: In controllers: ... session.mykey = anObject; // adding an object to session ... if (session.otherkey) { // performing some checking In GSPs: ...
r0drigopaes
6 votes, 6 answers

Shiro Authorization Permission check using Annotation not working

Platform: Shiro 1.1.0, Spring 3.0.5 I'm trying to secure the MVC Controller methods using Shiro annotation. However something is wrong with annotations. Regular calls are just working OK. There is nothing specific in Shiro debug also. My shiro…
Firdous Amir
6 votes, 2 answers

Spring MVC and Shiro Configuration using ini files

I'm trying to set up an environment with Spring MVC and Apache Shiro. I'm following articles mentioned in shiro.apache.org. I'm using Spring's DelegatingFilterProxy as Shiro Filter in web.xml. The current filtering is done using :
Firdous Amir
6 votes, 2 answers

Apache Shiro "with JSF 2.0" ! How does it go?

I am looking for frameworks/solution for authentication/ user-login management/ security in java web application that can make the naive developer's job easier/faster and make the application relatively more secured against potential threats. As…
Rajat Gupta