Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
4
votes
1 answer

Using FiltersUnitTestCase to unit test Shiro security filters, IllegalStateException

Update: I have changed this question to be about the specific problem I am having. This is because unit testing of Filters will be supported in Grails 2.0 so hopefully the documentation will be better then. I am trying to write unit tests for the…
David
  • 1,940
  • 3
  • 17
  • 30
4
votes
4 answers

need some tutorials on Grails Shiro Security

hey all i need some good tutorials demonstrating all the aspects of grails shiro securty, that how to use them using some example. i already have read the tutorials explained in grails site but i need some tutorials with examples. Please help…
Shah
  • 4,990
  • 10
  • 48
  • 70
4
votes
0 answers

Login process with Shiro takes too much time when CPU usage is 100%

I use Apache Shiro 1.2.3 to control the login process in my application. The application has a background process that feeds it with data to process; everything works fine when the application works with a low or mid data charge, but when the…
RAbuin
  • 41
  • 1
4
votes
0 answers

Limit Jena Fuseki's CURL access to localhost only

I'm in the process of finishing an RDF server. The requirements for the project are: 1) Triple Store that can be queried online. 2) Two RDF's that need to be generated on a weekly basis; (based on new data import) 3) Generation and import of those…
Clueless_captain
  • 420
  • 2
  • 13
4
votes
2 answers

JSESSION/HTTPSession vs. application-crafted session ID

In a web application based on propraietery MVC and authorization model, we have recently migrated to Spring MVC. As part of that move, we are also looking at moving away from a locally created GUID that is passed with each request to a cookie based…
JAR.JAR.beans
  • 9,668
  • 4
  • 45
  • 57
4
votes
0 answers

JSF 2.0 and Apache Shiro

Do you know some reference project or guide how to use Apache Shiro with JSF 2.0? B.R Carl
kungcc
  • 1,832
  • 5
  • 25
  • 48
4
votes
1 answer

Apache Shiro and Google Guice: Inject Dependencies into Realm

I develop a rest api with Jersey and want to use Google Guice for Dependency Injection and Apache Shiro as a security framwork. For Authentication i created a custom Realm to which I have to inject an custom Authenticator which is connected to the…
user524824
4
votes
4 answers

JSESSIONID cookie has '.node0' postfix while the server side sessionID doesn't

I am using shiro for session management. When I get the sessionID in server side it is something like this: node0sicwaberf0z59o8qpehfpasf6 However, when I check the JSESSIONID in my browser this value is saved…
Amir Qasemi
  • 70
  • 2
  • 10
4
votes
1 answer

How to use cache permissions in grails shiro

Everytime i call subject.isPermitted(), it sends a sql to db. How can i cache it? Any example? Thanks. I read the doc of shiro grails plugin, but cant solove it. DataSource: hibernate { cache.use_second_level_cache = true …
atian25
  • 4,166
  • 8
  • 37
  • 60
4
votes
4 answers

ABAC support for Spring Security or Apache Shiro

I'm trying to find any open-source or commercial implementation of Attribute-Based Access Control(ABAC) paradigm that will work together with Spring Security or Apache Shiro frameworks. Right now I can't find any of them. I don't think I'm a first…
alexanoid
  • 24,051
  • 54
  • 210
  • 410
4
votes
0 answers

Is it possible to set browser basic authentication with javascript?

I have secured static resources (css, js, png, htmls, ...) I use basic authentication. The user can't get anything unless he is authenticated. My question : is there any way to create a form and use javascript to set the value of basic auth for the…
bilal bilal
  • 41
  • 1
4
votes
1 answer

How to use Apache Shiro for authorization only?

Before I explain the issue I should say that we only need Apache Shiro for authorization and athentication is already enabled with OAuth2. So my code to enable Shiro is exactly as the code in this link here. I have also checked this issue. But for…
xbmono
  • 2,084
  • 2
  • 30
  • 50
4
votes
3 answers

"PKIX path building failed: unable to find valid certification path to requested target" Only in release version

The issue is something tricky. I tried to connect my war file to a Active Directory via LDAPS. While running with Debug Mode from IntelliJ IDEA, the code is working perfectly fine. When I Install the war files in same or different machine, am facing…
Dineshkumar
  • 1,468
  • 4
  • 22
  • 49
4
votes
0 answers

Apache Shiro: Howto set principalSuffix in JndiLdapContextFactory?

In Shiro's DefaultLdapContextFactory it was possible to set a principalSuffix. Since DefaultLdapContextFactory deprecated and JndiLdapContextFactory should be used instead, I wonder how to set a principalSuffix there. I don't want to hard-code it,…
Sylar
  • 2,273
  • 2
  • 18
  • 26
4
votes
1 answer

Apache shiro, return status 401 instead of redirect to url

We're using Apache Shiro in a Spring MVC REST-ish app; for our API, it makes more sense to return HTTP status 401 (or 419) rather than redirect to another URL; I've been looking at the documentation, but can't see how to do so. Does anybody know how…
okaram
  • 1,444
  • 13
  • 11
1 2 3
83 84