Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
6
votes
1 answer

Reverse Proxy login with credentials from node.js

I currently have a server running Spring in a Tomcat servlet with Shiro Token system for checking if a user is logged in already. It allows cross-domain requests. In any other domain I can on the client (generally using angular)…
crowmagnumb
  • 6,621
  • 9
  • 33
  • 42
6
votes
2 answers

Does Apache Shiro support bCrypt?

Does the Apache Shiro Authentication Framework support the use of the bCrypt password hashing algorithm? If not, is there a way to get it working with Shiro? Are there any other Authentication frameworks like Shiro supporting bCrypt, other than…
Kramer786
  • 1,238
  • 1
  • 12
  • 26
6
votes
3 answers

Writing custom Shiro realm

I am constructing my own AuthorizingRealm subclass, and am having a tough time wiring it up to my SecurityManager. The essence of my realm: public class MyRealm extends AuthorizingRealm { protected AuthenticationInfo…
smeeb
  • 27,777
  • 57
  • 250
  • 447
6
votes
2 answers

How to configure Shiro with Spring Boot

I have a Spring MVC web application that uses Shiro authentication using Spring configuration rather than a shiro.ini. I want to transition to a Spring Boot application. I have been mainly successful. The application starts in Spring Boot and my…
Daniel Vaughan
  • 666
  • 1
  • 5
  • 14
6
votes
0 answers

shiro configuration [urls] section dynamically

I am new to Shiro, I want to use this for securing my web application. I have tested it's various features. I have also tested [urls] /login.xhtml = authc /logout = logout /admin/** = user, roles[admin] /guest/** = user, roles[admin,guest] But In…
Ankit Katiyar
  • 2,631
  • 2
  • 20
  • 30
6
votes
1 answer

How to redirect already authenticated user from login page to home page

I'm developing JSF application with Apache Shiro. I autenticate the user with Shiro and redirect her to home page there is no problem with that. After the authentication when I try to access login page, it doesn't redirect me the homepage. I can…
molgun
  • 157
  • 2
  • 7
6
votes
1 answer

keep getting javax.faces.application.ViewExpiredException: viewId with jsf 2

Whatever I do I get javax.faces.application.ViewExpiredException: viewId. I know how to handle the exception (redirect to the main page again if I get the error), the issue is that any action I call from a commandButton is not executed. Basically I…
user2846482
  • 131
  • 1
  • 3
  • 9
6
votes
2 answers

How can i make Shiro work in Scala + Akka + Spray environment

I guess that i don't understand the workflow correctly. I'm writing a web service in Scala with Apache Shiro and Stormpath. My user authentication process looks like this: 1) Get user data from POST request, check it with Stormpath and if everything…
4lex1v
  • 21,367
  • 6
  • 52
  • 86
6
votes
5 answers

Apache Shiro: How would you manage Users?

I want to use Shiro on my next web project but I do not know a good (if not the best) strategy to manage users ([users] in shiro.ini). Is it best to create Shiro user for every registered member? Or create a single Shiro user then for every member…
Quirino Gervacio
  • 1,240
  • 9
  • 9
6
votes
2 answers

Spring is ignoring @Transactional annotations in Apache Shiro Realm class

I am using Spring for IOC and transaction management, and am planning to use Apache Shiro as the security library. Whenever I want to check a user's permissions, I call subject.isPermitted("right"), whereupon Shiro checks for the permission using a…
Jensen Ching
  • 3,144
  • 4
  • 26
  • 42
6
votes
2 answers

How to use the Shiro's SaltedAuthenticationInfo?

I work on an authentication component for my application. I'm using the Apache Shiro API with salted password. I create a new user with the salt like in this example : ByteSource salt = randomNumberGenerator.nextBytes(32); byte[] byteTabSalt =…
Fred37b
  • 822
  • 2
  • 10
  • 29
5
votes
1 answer

Zeppelin - LDAP Authentication failed

I am trying to configure ldap authentication in Zeppelin notebook. I have specified ldap server and other configurations by following this link. However, when I try to login I got following error: ERROR [2019-12-23 17:52:12,196] ({qtp1580893732-66}…
user1584253
  • 975
  • 2
  • 18
  • 55
5
votes
1 answer

how to implement Shiro Security of Grails in my Project

i m new to Grails and using some Shiro security. I have made a little site with login page and if login successful it redirects me to another loggedin page. now i want to implement Shiro Security. I have run that plugin and quick start app of Shiro…
Shah
  • 4,990
  • 10
  • 48
  • 70
5
votes
1 answer

Shiro: How to write a test for an endpoint protected with @RequiresRoles?

Say I have this resource: import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import…
L42
  • 3,052
  • 4
  • 28
  • 49
5
votes
2 answers

How to authenticate user on REST using Shiro and OATH 2

I am about to start developing a REST service and security is an important aspect of this project but I can't find some definitive information on how to implement it. My service will be consumed by an Android App at first, but could be used by other…
Michel Feinstein
  • 13,416
  • 16
  • 91
  • 173
1 2 3
83 84