shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Demers <>
Subject Re: AJAX
Date Tue, 02 Sep 2014 12:30:02 GMT
My point was more the fact that you could use basic auth, and drop a cookie for the following
requests. (Basically just replacing the form login)


> On Sep 2, 2014, at 3:17 AM, Dominic Farr <> wrote:
> Not sure that makes sense. Basic authentication uses HTTP Headers, not cookies. See Here
> Yes, Shiro can handle security for ajax stacks like AngularJS, but it all depends on
your security requirements; Basic, Session based cookies, or Token based authentication (sometimes
called Bearer Token.)
> OAuth did a nice break down for AngularJS and security, you can read that here
> Best of luck.
> Dom
>> On 2 Sep 2014 03:26, "Brian Demers" <> wrote:
>> You could use BASIC auth (and check for a cookie)
>> -Brian
>>> On Sep 1, 2014, at 11:03 AM, Anant Rao <> wrote:
>>> Hi,
>>> I am a backend developer. Using Shiro, I implemented a form-based authenticator
with SHA256 salted password hasher. All of this works great.
>>> Now, the front-end developer says he is using angularJS and he's unable to mix
form-based auth with the rest of his stuff and asked me to figure out if I can support AJAX
based thing for Auth also.
>>> I'm not familiar with the front-end technologies. Could you help me understand
if Shiro supports such AJAX-based authentication.
>>> Thanks!
>>> Anant

View raw message