Date: Fri, 4 Mar 2011 19:58:48 -0800 (PST)
From: mangelo
To: dev@shiro.apache.org
Subject: Re: Single Sign On (SSO), Spring, Hibernate Help.

I've got most of this working, but the most obvious thing has caused the latest roadblock!
I assumed this was possible:

/someurl/** = roles[RECORDS_MANAGEMENT_ADMIN, RECORDS_MANAGEMENT_ENTRY, RECORDS_MANAGEMENT_USER]

I thought you would be able to specify more than one role given the 'roles' filter name.

Please tell me that there is a simple work-around. I don't think I can introduce permissions. If the taglib does it, why couldn't it be done here?

Mike.

------ Original Message ------
Received: 07:15 PM EST, 03/04/2011
From: "Les Hazlewood-2 [via Shiro Developer]"
To: mangelo
Subject: Re: Single Sign On (SSO), Spring, Hibernate Help.

> P.S. The one place in my Spring apps where I still like to use text
> config is in the ShiroFilterFactoryBean's 'filterChainDefinitions'
> property. It is a much nicer (and more succinct) way of configuring
> filter chains than using web.xml. I configure everything else as
> normal Spring XML though.
>
> On Fri, Mar 4, 2011 at 4:12 PM, Les Hazlewood wrote:
> > On Fri, Mar 4, 2011 at 3:39 PM, Michael Angelo wrote:
> >>> (specify this realm in your Shiro SecurityManager config of course -
> >>> shiro.ini, spring, etc).
> >>
> >> How can I set the 'ini' info in the spring config .xml? I swear I saw an
> >> example of that somewhere, but now I can't find it. I want to set the cache
> >> there.
> >
> > Ah, you're using Spring - nice. In that case, you don't even need INI
> > - IoC containers like Spring, Guice, Tapestry, etc are much better at
> > handling complex object graph configuration. The INI is just Shiro's
> > "lowest common denominator" to be used in any environment, aka "poor
> > man's" dependency injection if you can't (or don't want to) use the
> > more powerful mechanisms.
> >
> > So, to that end, you'll want to read our Spring documentation if you
> > haven't already:
> >
> > http://shiro.apache.org/spring.html
> >
> > In there, you'll see the ShiroFilterFactoryBean referencing the
> > SecurityManager bean definition.
> > In the SecurityManager bean
> > definition is where you'll want to specify your realms:
> >
> > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> >     ...
> >     ...
> >
> >> The issue is when a user comes to the first page (where they MUST set their
> >> 'region' info) there needs to be a sole role just for that - the home page.
> >> This is missing.
> >>
> >> After they set the 'region' info I will notify listeners, but that's all that
> >> I have in my head for now. Rather than try the ThreadLocal approach first, what
> >> do you think about attaching the 'region' info to the Shiro Session object? Can
> >> I obtain the current session for the current user from the Realm to adjust the
> >> query executed by the DAO? That seems simple enough.
> >
> > Absolutely - that's a fine approach and will work quite well. The
> > ThreadLocal approach is good if you need a stateless system (e.g. REST
> > environments).
> >
> >> I am almost there!! You have been an amazing help!!
> >
> > Awesome - I'm glad to hear you're almost there :) Hopefully this has
> > been a good insight into what Shiro is capable of in a short amount of
> > time with a bit of help.
> >
> > In the next versions of Shiro, we'll focus even more on cleaning up
> > the need to subclass for these special cases. You'll find even more
> > pluggability where possible.
> >
> > Cheers,
> >
> > --
> > Les Hazlewood
> > Founder, Katasoft, Inc.
> > Application Security Products & Professional Apache Shiro Support and Training:
> > http://www.katasoft.com
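
Added example, not part of the original thread and not code from the Shiro project: Shiro's stock 'roles' filter grants access only when the subject holds every role listed in the brackets, so the chain line quoted at the top of this message does not mean "any of these roles". One way to get any-of semantics is a small custom filter; the class name AnyOfRolesAuthorizationFilter and the filter name 'anyRole' are assumptions made for this example.

```java
import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * Hypothetical filter (not shipped with Shiro): allows the request when the
 * current subject holds AT LEAST ONE of the roles listed in the chain
 * definition. The stock 'roles' filter calls hasAllRoles() instead.
 *
 * Assumed wiring: register an instance in ShiroFilterFactoryBean's 'filters'
 * map under the name "anyRole", then reference it in filterChainDefinitions:
 *
 *   /someurl/** = anyRole[RECORDS_MANAGEMENT_ADMIN, RECORDS_MANAGEMENT_ENTRY, RECORDS_MANAGEMENT_USER]
 */
public class AnyOfRolesAuthorizationFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request,
                                      ServletResponse response,
                                      Object mappedValue) throws IOException {
        // Shiro passes the comma-separated values inside [...] as a String[].
        String[] roles = (String[]) mappedValue;

        // Fail closed: an empty role list on this filter is treated as a
        // configuration mistake and denied. (The stock 'roles' filter allows
        // the request when no roles are listed.)
        if (roles == null || roles.length == 0) {
            return false;
        }

        Subject subject = getSubject(request, response);
        for (String role : roles) {
            // hasRole() returns false for unauthenticated subjects, so an
            // anonymous request never matches any role here.
            if (subject.hasRole(role.trim())) {
                return true;
            }
        }
        // No listed role matched: AuthorizationFilter's onAccessDenied() then
        // redirects to the login URL or sends the unauthorized response.
        return false;
    }
}
```

Paths that must keep all-of semantics can continue to use the built-in 'roles' filter alongside this one.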