shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Debashis Ghosh <>
Subject rest, glassfish4 shiro enabled working sample
Date Wed, 06 Aug 2014 14:52:07 GMT
I am new to javaee development. I am trying to build a javaee application in
which rest services residing on Glassfish4 will be invoked by mobile
clients. I came across apache shiro framework on the web for authentication
and authorization. I would like to secure the services using shiro. For the
time being I am trying to configure basic authentication with some hard
coded users to gain confidence. My final goal is to move the user store to a

Following the apache shiro tutorial I configured my web.xml and shiro.ini.

1) But somehow the rest services are still open and I can invoke them
without any password. is shiro.ini not getting loaded properly in my
application ?

2) In future I will have multiple rest services from multiple applications,
so I will need to configure shiro for all of them too ? Is there no way to
handle authentication, authorization of multiple webapp using single shiro
config ?

3) If you have a similar working sample please point me to that.

Project location


I can get the resource data without using any user/pwd

I am sure that I have not configured it properly. Need help to find out what
is missing.

View this message in context:
Sent from the Shiro User mailing list archive at

View raw message