shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Haile <>
Subject Re: How to use my own realm?
Date Thu, 06 Nov 2008 20:32:21 GMT
Hey John,

Most users building webapps with JSecurity use the JSecurityFilter,  
which is easier than declaring the security manager yourself.  Check  
out web.xml in the quickstart app included in the sample app for an  

If you are using Spring, you will want to declare the  
SpringJSecurityFilter.  Using this filter, if you want to use the  
default security manager, you can simply declare a Realm in spring and  
the filter will automatically use it.  If you want to configure the  
security manager manually, you can just drop the security manager in  
your Spring application context, and the SpringJSecurityFilter will  
automatically pick that up.

If you want to use the default JSecurityFilter without spring, you can  
specify a custom realm by adding a [main] section to your JSecurity  
config (either specified in web.xml or in jsecurity.ini) such as:
myRealm = com.mydomain.MyRealm

Hope this helps you get started.  Let me know if you run into any  


On Nov 4, 2008, at 5:13 PM, John Cladmore wrote:

> Hi all,
> I am new to JSec.  I was messing with Spring Security before  
> deciding to try JS.  Here is where I am stuck.  I have created a  
> simple web app using the jsp pages from the web sample in the JS  
> distribution.  I have successfully configured JS to use either Basic  
> Auth or Form Auth filters.  I read that to use my own realm, I could  
> set my own realm in the default security manager (which is the only  
> implemented security manager and which is created by default).  So i  
> did something like this:
>   MyRealm myRealm = new MyRealm();
>   DefaultWebSecurityManager dsm = new  
> DefaultWebSecurityManager(myRealm);
>   SecurityUtils.setSecurityManager(dsm);
> MyRealm implements Realm, I have also tired extending one of the  
> other realms.  I have even tried creating a default security manager  
> and setting the realm.
> None of my efforts have been successful so far.   So what exactly am  
> I doing wrong or missing?
> I have been able to get the login page and my servlet to handle the  
> login form to invoke.  In my servlet i tried to do all of this and  
> login (this is just testing stuff).
> Please help.
> Thanks.
> .v

View raw message