Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
5
votes
1 answer

how to configure a shiro Realm to connect to an oracle database within a struts2 application

I have been working with shiro (ki, jsecurity) now for a few days and have been able to create a test application. I am working with struts2, off JBoss. I have been able create a shiro.ini file with a few hard-coded users, and i have gotten that…
jahndatcam
  • 53
  • 1
  • 3
5
votes
3 answers

How to use separate realms for authentication and authorization with Shiro and CAS?

I'm working on a web application where multiple applications authenticates through a CAS SSO Server. Howerver, each application should maintain their respective roles and these roles are stored in a database specific to the application. So, I need…
Firdous Amir
  • 1,297
  • 5
  • 21
  • 39
5
votes
4 answers

applicationContext classpath not found

For some reason (a shiro filter) I saved my application context file in WEB-INF folder. Everything works when I run tomcat but, when I try to get an application context from a controller using : context = new…
Andrea Girardi
  • 4,337
  • 13
  • 69
  • 98
5
votes
3 answers

Passing Values to Enumerated Properties in Shiro ini

I am using the JDBC Realm and storing authentication data in SQL. I am storing the salt in the users table and relying on the DEFAULT_SALTED_AUTHENICATION_QUERY. To invoke that query I must set the SaltStyle. Therefore, I need to pass the…
Threadid
  • 730
  • 1
  • 7
  • 27
5
votes
1 answer

How configure threashold for Apache Shiro Excessive Failed Login Attempts?

Apache Shiro documentation implies some desired capabilities for trapping successive failed login attempts (among others) however, I cannot find concrete documentation for this. Presently I can execute currentUser.login(token); with invalid pw…
Threadid
  • 730
  • 1
  • 7
  • 27
5
votes
2 answers

Authentication against database using shiro 1.2.1

I am using Apache Shiro in my project. Currently I am using 1.1.0 version and now I am trying to migrate Shiro components to latest version 1.2.1. But when I try to do user authentication against a db it not working for some reason and I am not…
Prakash Gupta
  • 55
  • 1
  • 9
5
votes
1 answer

Java EE 6 groups, users and roles -vs- Shiro's roles, users and permissions

I am trying to mentally map Java EE 6 security concepts of groups, users and roles to the Apache Shiro's concepts of roles, users and permissions and my understanding is that they are incompatible. Reading through the Java EE 6 security tutorial it…
Marcus Junius Brutus
  • 26,087
  • 41
  • 189
  • 331
5
votes
1 answer

Shiro JndiLdapRealm authorization against LDAP

The JavaDoc for Shiro class JndiLdapRealm explicitly says that authorization is by default disabled and that authorization against an LDAP server should be implemented by the user by subclassing and overriding the…
Marcus Junius Brutus
  • 26,087
  • 41
  • 189
  • 331
5
votes
1 answer

Apache Shiro EhCache initialization exception: Another unnamed CacheManager already exists in the same VM

I am trying to get EhCache configured to handle authorization caching in my Apache Shiro enabled web service. Currently I am getting the following exception: org.apache.shiro.cache.CacheException: net.sf.ehcache.CacheException: Another unnamed…
Whitney Zoller
  • 133
  • 2
  • 7
5
votes
3 answers

Java options for web user authentication

I'm looking for a secure user login/session management component for a public web app. Spring Security seems to have potential, are there any other high quality alternatives? Conceptually this is easy and we currently have code that works fine,…
Jerry B
  • 193
  • 1
  • 1
  • 7
5
votes
1 answer

Apache Shiro on a Swing Client - EJB 3.1 Case for Authentication-Authorisation

General Case: A simple application that exposes its services through EJB (3.1) - most of them Stateless Sessions beans (nothing funcy here) and SWING based clients that, call through remote interfaces these services and do what they have to…
javapapo
  • 1,342
  • 14
  • 26
4
votes
1 answer

Handle Authentication in Ajax Interaction with JSF and Apache Shiro

I'm developing JSF application with Apache Shiro. Everything is OK except that when the the UI interacts with the server via ajax the web reflects nothing. how can I configure the application, so that the user is redirected to the login page when…
Azad
  • 399
  • 2
  • 6
  • 15
4
votes
2 answers

Combinining shiro:hasPermission tags

I am using the tag in various places in my JSPs to show or hide content depending on the permissions the current user has. However, sometimes I need to combine permissions, for…
Serafeim
  • 14,962
  • 14
  • 91
  • 133
4
votes
1 answer

Getting confused with Apache Shiro and Custom Authorizing Realms

I am trying to create a simple Authorizing Realm for Apache Shiro for testing: public class MyAuthRealm extends AuthorizingRealm { @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { …
Serafeim
  • 14,962
  • 14
  • 91
  • 133
4
votes
3 answers

Grails problem with shiro-quick-start: imports cannot be resolved (by Eclipse)

On my fresh new grails project, I installed shiro (grails install-plugin shiro) and the quick setup grails shiro-quick-start. This generated new files as described in the shiro documentation. However, in one of those files, controllers/(default…
mzuba
  • 1,226
  • 1
  • 16
  • 33
1 2 3
83 84