Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
5
votes
1 answer

Not able to pull from Mongo db using Morphia - No usable constructor

So i'm trying to save the password in sha265 into mongo db and use Apache Shiro framework in order to authorize the user login, while trying to pull from the DB i'm getting morphia run time exception, here is the code : User class: public class User…
USer22999299
  • 5,284
  • 9
  • 46
  • 78
5
votes
2 answers

how to get id of current user in websocket open method?

I am trying to get user id in open method of websocket, and for this I am using shiro, but I get null for Subject,Here is my method: @OnOpen public void open(final Session session, @PathParam("room") final String room) { Subject currentUser =…
Nazila
  • 1,353
  • 4
  • 15
  • 28
5
votes
4 answers

Could not autowire field: can't to com.sun.proxy.$Proxy22

Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: protected com.cms.service.FolderService com.cms.action.BaseAction.folderService; nested exception is java.lang.IllegalArgumentException: Can not set…
lynn_xly
  • 95
  • 1
  • 2
  • 12
5
votes
2 answers

How to use different unauthorized url for different roles in apache shiro

I have been trying to assign different unauthorized url for different roles in url section of shiro.ini file for a web application but it seems I am not able to do it.Below is the code that I have tried. shiro.ini file [main] authc1 =…
Madhuri Gaur
  • 131
  • 4
5
votes
1 answer

Is Apache Shiro correct choice for my case?

I'm trying to implement a modular authentication/authorization app. I was wondering if Shiro is the correct choice. What I want to get is to have a system to which I can plug in and maybe in later time exchange some authentication endpoints and also…
Ma Kro
  • 1,232
  • 4
  • 20
  • 34
5
votes
1 answer

Add information to the subject on apache shiro

Im using apache shiro. When i want to know if the user have permissions and roles i use SecutiryUtils.getSubject(). I like to know how to add more information to the subject like email, primary key and any other business information that i need so i…
Tiago Wanke Marques
  • 91
  • 9
5
votes
1 answer

Guice synthetic methods warning

We are having Guice and its AOP support. We have two 3d party modules which use the AOP support: Shiro and the Guice's JPA module. As a result Guice complains that "The method may be intercepted twice". My question is how can I avoid such behavior:…
Alexey Balchunas
  • 400
  • 3
  • 10
5
votes
1 answer

Apache Shiro: IllegalArgumentException upon login

When using Apache Shiro, the following exception appears upon login: java.lang.IllegalArgumentException: Configuration error. Configuration error. Specified object [authc] with property [loginUrl] without first defining that object's class. …
Ali-Alrabi
  • 1,515
  • 6
  • 27
  • 60
5
votes
1 answer

Apache Shiro credentials based security for Rest service

I'm creating a App using Shiro as the security framework. The app have two parts; Web and Rest. The Web is using Shiro's default FormAuthenticationFilter. I'm happy with the session based approach. The stand alone app which is using Rest, I want…
Rentius2407
  • 1,108
  • 2
  • 11
  • 29
5
votes
2 answers

Spring service with cacheable methods gets initialized without cache when autowired in Shiro realm

After spending 2 days on this issue I really can't make any more progress on my own. I am working on a standard web application with Spring for dependency injection and the likes. I am also using Spring to cache several expensive methods I use a…
chk
  • 534
  • 3
  • 12
5
votes
0 answers

Apache shiro authentication , authorisation and SSO with Active Directory

I'm a complete newbie on the concepts of web security and I was having a pre-conceived notion that securing the application is incredibly hard. Looking at a video on Apache shiro, I have a feeling that the complexity of security has all been…
user1189332
  • 1,773
  • 4
  • 26
  • 46
5
votes
2 answers

getting exception Authentication failed for token submission in apache shiro

i am new in apache shiro.i am getting exception when i execute this statement. currentUser.login(token); exception is errororg.apache.shiro.authc.AuthenticationException: Authentication failed for token submission…
user2549122
  • 203
  • 1
  • 5
  • 18
5
votes
1 answer

Can Infinispan be implemented as cache manager for Apache Shiro?

Apache Shiro allows some implementations for CacheManager. EHCache is one of these implemenations. I'd like to use Infinispan as Distributed Cache Manager. Until now, I'm not sure wheter it's feasible or not. Does anybody know how to implement…
blackjack
  • 1,081
  • 2
  • 13
  • 30
5
votes
1 answer

How do concepts of User (UserAccount) and Realm relate in Apache Shiro?

I'm reading up on Apache Shiro and like to see if I got this mental model right. From the docs: "A Realm is a component that can access application-specific security data such as users, roles, and permissions". .. "Realms usually have a 1-to-1…
Geert-Jan
  • 18,623
  • 16
  • 75
  • 137
5
votes
2 answers

Shiro resets the session after 2 min

I am using Apache Shiro in my webapp. I store some parameters in the session notably the primary key of an object stored in the database. When the user logs in, I load the object from the database and save the primary key in the session. Then…
user2177336
  • 205
  • 3
  • 13
1 2 3
83 84