shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien Muller <>
Subject Shiro and GWT
Date Mon, 31 Oct 2011 13:01:23 GMT

I am evaluating security solutions for a GWT application.
I like the shiro approach since it seems simple and easy to plug to ldap,
but I am afraid I did not really find working examples or tutorial about
this context.

I acknowledge you cannot use shiro classes from client side (javascript),
but do not think this should be a problem.

My understanding about what I should do (simple version with local users
defined in shiro.ini):
- Add IniShiroFilter to my web.xml
- add shiro.ini with authc.loginUrl = login.html, users and urls.
- Add a login.html page
- I will handle rpc security afterwards passing credentials in my payload
and perform server side validation for each call.

Up to know, I can tell my shiro.ini is taken into account, the application
can forward to login.html, but then nothing else is done.
I have seen in this tutorial:
that a custom servlet is implemented for login. It seems to me it should be
handled automatically by shiro (or not?).

Furthermore, shiro documentation let me believe that after login, the user
will be automatically redirected to his original request page, which is
definitely not the case during my tests.

Any help or guidance would be appreciated.


Best Regards,


View raw message