Tech-Today
Currently I've been working on a project that uses shiro for authentication and authorization. I can say that aside from the fact that it doesn't support jsf, it's a very useful tool.
This page contains codes that will help you in configuring your project to enable both the default http and shiro's native session.
1.) web.xml - enable shiro filter:
2.) Enable default Http session in shiro.ini:
3.) Enable shiro's native session:
- How To Implement No Caching On Jsf Pages
Currently there are 2 ways I know that can do this. 1.) By implementing Filter and manually overriding the cache controls. See code below (note: not my original I found this somewhere else long time ago): @WebFilter(servletNames = { "Faces Servlet" })...
- Javaee Development
JavaEE6How to create a javaee6 web app using jboss maven war archetypeCreate a simple javaee6 web app with maven, glassfish and postgresqlHow to validate a JavaEE6 Bean in a jobHow to add JavaEE 6 archetypes in eclipse keplerHow to create a custom bean...
- How To Setup Seam3-security In Jboss 7
Recently, I've done some research on several Java Security Framework that can perform authentication, authorization and cryptography. I've worked with Apache Shiro, it's really good and complete but I've found several problems like there's...
- How To Integrate Apache Shiro With Javaee6
This tutorial will show the readers, how I was able to integrate Apache Shiro with JavaEE6. My technology Stack: JavaEE6, Glassfish3.1.2.2, Apache Shiro1.2 Steps: 1.) Create a maven project and include the following dependency. <dependencies> <dependency>...
- Mssql How To Update A Column Base On A Row Number
Just recently I was asked to normalized or divide a table into 2 tables. Unfortunately, the only column that linked them (email) allows multiple same values, even aggregate would not do (email, password, etc). This is because there's a field that...
Tech-Today
Using shiro's native and the default http session
Currently I've been working on a project that uses shiro for authentication and authorization. I can say that aside from the fact that it doesn't support jsf, it's a very useful tool.
This page contains codes that will help you in configuring your project to enable both the default http and shiro's native session.
1.) web.xml - enable shiro filter:
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
2.) Enable default Http session in shiro.ini:
[main]
saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl
# any object property is automatically configurable in Shiro.ini file
saltedJdbcRealm.jndiDataSourceName = dropshipDS
# the realm should handle also authorization
saltedJdbcRealm.permissionsLookupEnabled = true
# If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
# first result column is password, second result column is salt
saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ?
# If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ?
# If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
saltedJdbcRealm.permissionsQuery = SELECT action FROM crm_permissions WHERE role = ?
# password hashing specification, put something big for hasIterations
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName = SHA-256
sha256Matcher.hashIterations = 1
saltedJdbcRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $saltedJdbcRealm
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
securityManager.cacheManager = $cacheManager
dsFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
dsFilter.loginUrl = /login.xhtml
roles = com.czetsuya.commons.web.security.shiro.RolesAuthorizationFilter
[urls]
/login.xhtml = dsFilter
/backend/** = dsFilter, roles[backend]
/affiliate/** = dsFilter, roles[affiliate]
/api/** = noSessionCreation, dsFilter
/logout = logout
3.) Enable shiro's native session:
[main]
saltedJdbcRealm = com.czetsuya.commons.web.security.shiro.JdbcRealmImpl
# any object property is automatically configurable in Shiro.ini file
saltedJdbcRealm.jndiDataSourceName = dummyDS
# the realm should handle also authorization
saltedJdbcRealm.permissionsLookupEnabled = true
# If not filled, subclasses of JdbcRealm assume "select password from users where username = ?"
# first result column is password, second result column is salt
saltedJdbcRealm.authenticationQuery = SELECT password, salt FROM crm_users WHERE disabled = false AND username = ?
# If not filled, subclasses of JdbcRealm assume "select role_name from user_roles where username = ?"
saltedJdbcRealm.userRolesQuery = SELECT name FROM crm_roles a INNER JOIN crm_user_roles b ON a.id = b.role_id INNER JOIN crm_users c ON c.id = b.user_id WHERE c.username = ?
# If not filled, subclasses of JdbcRealm assume "select permission from roles_permissions where role_name = ?"
saltedJdbcRealm.permissionsQuery = SELECT action FROM crm_permissions WHERE role = ?
# password hashing specification, put something big for hasIterations
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName = SHA-256
sha256Matcher.hashIterations = 1
saltedJdbcRealm.credentialsMatcher = $sha256Matcher
securityManager.realms = $saltedJdbcRealm
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.activeSessionsCacheName = dropship-activeSessionCache
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
#sessionManager.sessionIdCookie.domain = com.sido
# 1,800,000 milliseconds = 30 mins
#sessionManager.globalSessionTimeout = 1800000
sessionValidationScheduler = org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
# 1,800,000 milliseconds = 30 mins
sessionValidationScheduler.interval = 1800000
sessionManager.sessionValidationScheduler = $sessionValidationScheduler
securityManager.sessionManager = $sessionManager
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile = classpath:ehcache.xml
securityManager.cacheManager = $cacheManager
sidoFilter = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
sidoFilter.loginUrl = /login.xhtml
# logout.redirectUrl = /login.xhtml
[urls]
/login.xhtml = sidoFilter
/secure/** = sidoFilter
/api/** = noSessionCreation, sidoFilter
# /logout = logout
- How To Implement No Caching On Jsf Pages
Currently there are 2 ways I know that can do this. 1.) By implementing Filter and manually overriding the cache controls. See code below (note: not my original I found this somewhere else long time ago): @WebFilter(servletNames = { "Faces Servlet" })...
- Javaee Development
JavaEE6How to create a javaee6 web app using jboss maven war archetypeCreate a simple javaee6 web app with maven, glassfish and postgresqlHow to validate a JavaEE6 Bean in a jobHow to add JavaEE 6 archetypes in eclipse keplerHow to create a custom bean...
- How To Setup Seam3-security In Jboss 7
Recently, I've done some research on several Java Security Framework that can perform authentication, authorization and cryptography. I've worked with Apache Shiro, it's really good and complete but I've found several problems like there's...
- How To Integrate Apache Shiro With Javaee6
This tutorial will show the readers, how I was able to integrate Apache Shiro with JavaEE6. My technology Stack: JavaEE6, Glassfish3.1.2.2, Apache Shiro1.2 Steps: 1.) Create a maven project and include the following dependency. <dependencies> <dependency>...
- Mssql How To Update A Column Base On A Row Number
Just recently I was asked to normalized or divide a table into 2 tables. Unfortunately, the only column that linked them (email) allows multiple same values, even aggregate would not do (email, password, etc). This is because there's a field that...