shiro-dev mailing list archives

From mangelo <mikeang...@usa.net>
Subject Re: Single Sign On (SSO), Spring, Hibernate Help.
Date Fri, 04 Mar 2011 18:01:31 GMT
I appreciate the help, but I am so lost that I have no idea where to turn.

My scenario is like this: Users are already authenticated and as a result
their user-id is in the HttpServletRequest header. I thought I was supposed to
use the Realm to load their roles, permissions, etc., but it looks like some of
what is in the Realm is duplicated in the AuthenticatingFilter.

Once I get the Subject loaded up with their roles and permissions all is well
and good. Why I could not use Spring security is the user is able to change
their 'region' which comes with it a new set of permissions. I need for Shiro
to load up these new permissions so that they can be checked for later.

And now, I'm still staring at a blank wall and security was supposed to be
done this week.

Mike

------ Original Message ------
Received: 
From: "Jared Bunting [via Shiro Developer]"
<ml-node+6089122-650594199-321934@n2.nabble.com>
To: mangelo <mikeangelo@usa.net>
Subject: Re: Single Sign On (SSO), Spring, Hibernate Help.

> 
> 
> On 03/04/2011 09:33 AM, mangelo wrote:
> > I am brand new to Shiro. Just found it last night. I am very encouraged from
> > what I've read so far. My security requirements seem to be too much for
> > Spring Security. I am confident that Shiro can handle them given the
> > flexibility.
> > 
> > The only problem is that I don't quite know how to get started. I've found
> > the Spring samples and how to get set up. My problem is the users of my app
> > are already authenticated by Oracle SSO. The username is in the request
> > header.
> > 
> > How do I get it out of the request header and into Shiro? Where would I put
> > such code?
> 
> This should go into a filter.  You likely want to extend
> AuthenticatingFilter - look at the BasicHttpAuthenticationFilter for an
> example that uses headers.
> 
> Basically, your filter should pack up the header value in an
> AuthenticationToken.  Shiro will pass this AuthenticationToken to your
> Realm.
> 
> > 
> > I have based my Realm from the SampleRealm class. Should I always return
> > 'false' from the supports method? Should I return SimpleAuthenticationInfo()
> > with an empty string as the password?
> 
> I would say yes.  In addition, accept the AuthenticationToken type that
> you created in your filter.
> 
> > 
> > If there is a more complete example that would help out a lot. I feel like
> > I've hit a brick wall.
> > 
> > TIA.
> > 
> > Mike.
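The filter-and-realm arrangement described in the quoted reply, as an added Java example that is not part of the original messages or of Shiro's own samples. The class names, the `X-SSO-User` header name and the region lookup are assumptions, and the header is trusted only on the assumption that the application is reachable solely through the SSO gateway, which overwrites any client-supplied copy of it.

```java
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

// Token holding only the user id that the SSO layer has already verified.
class SsoHeaderToken implements AuthenticationToken {
    private final String userId;
    SsoHeaderToken(String userId) { this.userId = userId; }
    public Object getPrincipal() { return userId; }
    public Object getCredentials() { return ""; } // no password: SSO did the check
}

class SsoHeaderFilter extends AuthenticatingFilter {
    // Assumed header name; trusted only because the gateway sets and overwrites it.
    static final String HEADER = "X-SSO-User";
    private static String userId(ServletRequest req) {
        String v = ((HttpServletRequest) req).getHeader(HEADER);
        return (v == null || v.trim().isEmpty()) ? null : v.trim();
    }
    @Override protected AuthenticationToken createToken(ServletRequest req, ServletResponse res) {
        return new SsoHeaderToken(userId(req)); // only reached after the check below
    }
    @Override protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
        // Reject a missing header outright; otherwise log in through the realm.
        boolean ok = userId(req) != null && executeLogin(req, res);
        if (!ok) ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return ok;
    }
}

class SsoRealm extends AuthorizingRealm {
    SsoRealm() { setAuthenticationTokenClass(SsoHeaderToken.class); } // supports() accepts only this type
    @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        // Empty credentials equal the token's empty credentials under the default matcher.
        return new SimpleAuthenticationInfo(token.getPrincipal(), "", getName());
    }
    @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermission("region:" + regionOf(principals.getPrimaryPrincipal()) + ":read");
        return info;
    }
    // Call on a region switch: drops cached permissions so the next check reloads them.
    void regionChanged(PrincipalCollection p) { clearCachedAuthorizationInfo(p); }
    private String regionOf(Object userId) { return "emea"; } // hypothetical lookup, constructed value
}
```

Register `SsoHeaderFilter` in the Shiro filter chain and `SsoRealm` on the `SecurityManager`.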