Questions tagged [shiro]

Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management. Shiro's API provides mechanisms to secure a variety of application types, including mobile software, web apps, and enterprise systems.

Shiro can be configured using .ini files, programmatic setup, or a combination of both. For more information see:

1252 questions
4 votes, 2 answers

Why doesn't Shiro's AnonymousFilter create new web sessions in this example?

I have two applications secured with Shiro allowing anonymous access to all pages. One is a WAR deployed inside a Jetty server, and the other is a standalone Java application with an embedded Jetty server. Why does the standalone app not create…
user1886323
4 votes, 1 answer

How to update principal of an authenticated subject in Shiro

I use Shiro 1.2.3 in a JSF2 project. I couldn't find a way to update the principal of an authenticated subject without a logout. I need this when a logged-in user wants to update his/her profile info. I store a userBean as principal and it should be…
K C
4 votes, 3 answers

Is Shiro's DefaultPasswordService thread safe?

Can I have a single instance of DefaultPasswordService and call its encryptPassword() method without worrying about thread safety issues? The documentation doesn't make this clear.
pdeva
4 votes, 5 answers

Java web application authentication - account design

I am working on a web project; the backend is Java & MySQL, and the clients include web (HTML5) and apps (iOS/Android). I have some doubts about designing the accounts of the system. There are 3 different types of account: Shop, shop account will have its own…
Eric
4 votes, 1 answer

Table schema for Shiro JdbcRealm Authorization?

I would like my app to use Apache Shiro for both authentication and authorization. I would like to start simple and have a relational database be the data source for both of these. This means I need to use the JdbcRealm. After reading the docs, it…
smeeb
4 votes, 0 answers

Custom filter in apache shiro

I have two sets of users: one is anonymous and the other is valid users (authenticated using a CAS server). So for anonymous users I don't have a ticket, but for valid users I have the ticket. But I want to make the resource available to both with some nifty feature…
4 votes, 3 answers

How to determine which permissions a shiro user has

I have to deal with an application which is secured by apache shiro. I'm quite new to this framework. As far as I can see, I can check single rights via subject.isPermitted(), e.g. Subject subject =…
Thomas Junk
4 votes, 3 answers

Shiro with HTTP Basic Auth or Anonymous access to same URI

I've a set of APIs under /api. If my shiro.ini lists this as: /api/** = authcBasic Then basic auth is required. If anon is present in place of authcBasic then no auth is required. I'd like to be able to use the APIs with basic auth so I can e.g.…
rich
4 votes, 2 answers

Apache Shiro + Spring MVC

I have a Spring MVC + Apache Shiro project. I am getting an error while configuring Shiro in applicationContext.xml and web.xml. ApplicationContext.xml:
0bj3ct
4 votes, 1 answer

Apache Shiro and Multi-factor Authentication

I am working on an application where I have implemented Apache Shiro based authentication. I can now get a user to log in successfully backed by my database. I now want to improve on this and allow a second long step. So scenario would be: User 1…
user2630656
4 votes, 1 answer

how to close shiro session

I met an error when hardcode try to log out with Shiro. The user does login and logout not through the web login/logout URL, but through a backend link. When logging in, it works. Subject currentUser = SecurityUtils.getSubject(); UsernamePasswordToken token = new…
Paris Tao
4 votes, 2 answers

Error in shiro configuration in a Grails-app

I'm using Apache Shiro as the framework for authentication of my application. I was following the reference at http://www.grails.org/plugin/shiro and my application throws the exception: No SecurityManager accessible to the calling code, either…
Lucas
4 votes, 1 answer

Shiro HttpSession in SessionListener?

I'm trying to replace the session management (currently handled by Catalina/Tomcat) of my webapp with Shiro native session management. This should be a fairly easy job, as is advertised by the Shiro website: Transparent HttpSession support - If you are…
4 votes, 1 answer

shiro with jdbc and hashed passwords

Here is my shiro config [main] authc.loginUrl = /site/index.jsp authc.usernameParam = user authc.passwordParam = pass authc.rememberMeParam = remember authc.successUrl =…
abdu
4 votes, 1 answer

Guice @SessionScoped annotation causes IllegalArgumentException with Shiro HttpSession

I have an Apache Wicket 1.5 application that uses Shiro for security, and Guice for dependency injection. Most of its pages are stateless, but some of my model objects (user data, current menu state, ...) need to be consistent across all requests in…
weltraumpirat
  • 22,544
  • 5
  • 40
  • 54