shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aidaverdi800 <>
Subject Re: Shiro filter with Jaxrs server
Date Sun, 30 Aug 2015 00:34:33 GMT
I'm back again, I really cannot figure out how to make work shiro in my
It seems that there isn't a way to add shiro filter in cxf with jetty
embedded and no web.xml. I was thinking of doing a new cxf interceptor
calling shiro classes but then I will lose the simplicity of shiro

I tried also to add this code to convert cxf server to jetty server and add
the filter as suggested, but if I don't add the shiro filter everything
works and I can call my url. If I add the context handler the new servlet
doesn't point to the rest resources, so the result of accessing the urls
with shiro is "Error 404 Not Found". I'm a beginner in cxf too so
understanding what is going on is tricky.

              // old code
JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
JacksonJaxbJsonProvider jackson = new JacksonJaxbJsonProvider();
ObjectMapper m = new ObjectMapper();
m.configure(DeserializationFeature.UNWRAP_ROOT_VALUE, true);

CrossOriginResourceSharingFilter cors = new
sf.setProviders( Arrays.< Object >asList(cors, jackson ) );
sf.setResourceProvider(CvService.class, new SingletonResourceProvider(new
System.out.println("webservice published on "+address);

Server cxfServer = sf.create();

// new code
Destination dest = cxfServer.getDestination();
JettyHTTPDestination jettyDestination =
ServerEngine engine = jettyDestination.getEngine();
JettyHTTPServerEngine serverEngine =
org.eclipse.jetty.server.Server httpServer = serverEngine.getServer();

// Had to start the server to get the Jetty Server instance.
// Have to stop it to add the custom Jetty handler.

CXFNonSpringJaxrsServlet jaxrsServlet = new CXFNonSpringJaxrsServlet();
final ServletHolder servletHolder = new ServletHolder(jaxrsServlet);
ServletContextHandler context=new
context.addServlet(servletHolder, "/*"); context.setContextPath("/");
context.addEventListener(new EnvironmentLoaderListener());
FilterHolder filterHolder = new FilterHolder();
filterHolder.setFilter(new ShiroFilter());
EnumSet<DispatcherType> types = EnumSet.allOf(DispatcherType.class);
context.addFilter(filterHolder, "/*", types);



Could anyone that has ecountered similar problem give me a suggestion for
the best direction to analyse? I would like to use shiro better than cxf
security but it seems really complicated in my case. Is the cxf interceptor
the way to go?


On Fri, Jul 10, 2015 at 9:00 AM, scSynergy <>

> Just on a side-note,
> /users/** = authcBasic
> leaves your user-password as plain-text and therefor totally vulnerable to
> eavesdropping.
> In production environments I suggest you change that line to
> /users/** = ssl[insert your port number here], authcBasic
> for instance my server
> /users/** = ssl[8443], authcBasic
> --
> View this message in context:
> Sent from the Shiro User mailing list archive at

View raw message