Stack Overflow
Stack Overflow

Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
0
votes
1 answer

SecurityUtils internals of Shiro

This is actually a common question rather than Shiro specific. What I would like to learn is how org.apache.shiro.SecurityUtils#getSubject is working. I have checked necessary parts of the SecurityUtils and ThreadContext and I am totally puzzled…
Cemo
  • 5,370
  • 10
  • 50
  • 82
0
votes
1 answer

User logon with Apache Shiro and Sesame

I have a Sesame triple store where I store users account and I'm building a Java Web Application with a login form. I would like to use Apache Shiro to do this. Does anyone know how to authenticate users using Shiro and Sesame? Thank you. -Antonio
user1047400
  • 45
  • 1
  • 2
  • 8
0
votes
1 answer

Having trouble with apache shiro saltedauthentication.hashProvidedCredentials not given expected hash

This is the second time I'm using apache shiro in a project but the first time am salting the password.this time around i use apache shiro 1.2.0 . I'm using shiro in a web application using jsp, spring, JPA(spring-data-jpa) and using SHA256 for…
black sensei
  • 6,528
  • 22
  • 109
  • 188
0
votes
1 answer

Why does ShiroWebModule default to a non-validating SessionManager?

ServletContainerSessionManager isn't a ValidatingSessionManager; does it defer to the underlying container to handle orphan cleanup? That doesn't seem right. I assume that switching to DefaultWebSessionManager, as it's a full-featured…
coyotesqrl
  • 142
  • 2
  • 5
0
votes
1 answer

Creating a custom login page + bean for Apache Shiro

I have: A Java EE Web Application project in Netbeans 7.2. Shiro-Web is installed and working great with standard settings in the INI file: users are automatically redirected to the standard login.jsp page, where they can log in without…
csvan
  • 8,782
  • 12
  • 48
  • 91
0
votes
1 answer

Grails - Invoking Shiro login action in service

I have rather unusual problem - I need to make mobile device login to the database system on Grails. The mobile device is sending XML files and they are used as data transfer between device and database application. First thing I must do is…
wyrdhamster
  • 3
  • 3
0
votes
1 answer

Can't Use Shiro's Subject in Spring Decorator Controller

I'm using Spring with Shiro, and in my Spring project I have a decorator controller that displays a decorator page via sitemesh. The decorator page adds onto every page navigation links, like login and logout. I want login and logout to appear based…
Jesse Jashinsky
  • 10,313
  • 6
  • 38
  • 63
0
votes
1 answer

how to integrate Java security layer (Apache Shiro|Spring Security) to webapp menu system

As the title says, i have a need to create a dynamic menu stored as a tree in the database and there are plans to put an interface on it.Now i need to decide how to implement the Access Control Layer based on what is on the market suitable for this…
black sensei
  • 6,528
  • 22
  • 109
  • 188
0
votes
1 answer

Shiro URL filter not working

I have created a simple JSF login page and am using Apache Shiro to provide the authentication and authorisation mechanism, however the URL filters specified in the shiro.ini do not appear to be working. In the root WebContent directory I have two…
Paul H
  • 2,104
  • 7
  • 39
  • 53
0
votes
1 answer

SSO Integration between a custom Java web app with Drupal using Apache Shiro

I have a web application developed using Java (Java EE), spring & Hibernate. We are planning to use Apache Shiro for role & access management. One of our client requirement is to use some CMS functionality along with the web application, for which…
Yogesh
  • 3
  • 3
0
votes
1 answer

Spring Security / Shiro and single-use code

We are developing an exam-application where access to the exam is granted by a single-use code. So basicly we give a candidate a code, for example 'FG678', and this is his code to access the exam. So the login-form should only have one field and if…
user829237
  • 1,719
  • 8
  • 37
  • 61
0
votes
1 answer

use shiro with mvn jetty plugin

I downloaded "Spring MVC + Shiro + myBatis + JSR-303 Validation" example from apache shiro doc page, and I want to run it with maven jetty plugin, So I open the pom.xml and put things like this
noodleneedsbeef
  • 17
  • 3
0
votes
1 answer

Shiro: Forcing second realm authentication even though existing session is already authenticated via other realm

In my web application that uses Apache Shiro for AuthC and AuthZ I have two authentication realms: One for the regular web interface (called SsoRealm) and another one for the REST API (called RestRealm) using an API token. The principals…
Thilo-Alexander Ginkel
  • 6,898
  • 10
  • 45
  • 58
0
votes
1 answer

In Shiro Guice, how can I change authc to a different subclass?

Example: In shiro.ini I have: # Change from FormAuthenticationFilter to VerboseFormAuthenticationFilter authc=webapp.filters.VerboseFormAuthenticationFilter authc.loginUrl=/login authc.successUrl=/oncall How can I perform the above using Shiro…
Basil Musa
  • 8,198
  • 6
  • 64
  • 63
0
votes
1 answer

How to handle UnauthenticatedException with Shiro

I have a method in my resource with @RequiresGuest annotation. When logged in user hits the link it rightfully throws an UnauthenticatedException with this message Attempting to perform a guest-only operation. The current Subject is not a guest…
husayt
  • 14,553
  • 8
  • 53
  • 81
1 2 3
83 84