Shiro custom realm: restrict simple auth to certain users


I'm using Shiro and have a custom realm. The app has many users in the database, and I want to support non-user process accounts for API access. In the realm, I have implemented:

public boolean supports(AuthenticationToken at)

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)

This works great; I have a login form and process the username/password with no problem.

I want to allow certain users to be able to use basic HTTP auth, and the rest to use the form auth that is working. I can set the ini to allow either method, but I don't see how to implement a check for the type of authentication used in the realm.

If a login attempt by a non-API user is authenticated via HTTP headers, I want to reject the request.

How do I do this? Writing a filter and checking the HTTP header is the only way I can think of.

I did the following to make it work:

  • Add an "api" role to the users
  • Create an Application class and set the ApplicationPath to /api for the REST endpoints I wanted to expose
  • Restricted the /api path to authcBasic, role[api] in the shiro.ini file

This works great. Here are the details: http://blog.mikeski.net/blog_post/470
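
A shiro.ini laid out along the lines of the steps above, as an added example that is not taken from the original post. The realm class name, login URL and application name are assumptions, and the role check is written with Shiro's built-in `roles` filter.

```ini
# Constructed example: class name, URLs and application name are hypothetical.
[main]
# The existing custom realm (hypothetical class name)
appRealm = com.example.security.AppRealm
securityManager.realms = $appRealm

# Form login for interactive users
authc.loginUrl = /login.jsp

# Name shown in the Basic auth challenge sent for /api requests
authcBasic.applicationName = Example API

[urls]
# Patterns are evaluated top to bottom; the first match wins,
# so the /api rule must come before the catch-all.
/login.jsp = authc

# REST endpoints under the JAX-RS ApplicationPath /api:
# authcBasic authenticates from the Authorization header, then
# roles[api] rejects any authenticated account lacking the "api" role.
/api/** = authcBasic, roles[api]

# Everything else keeps using the form login. authcBasic is not in
# this chain, so Basic credentials sent here are not used to log in.
/** = authc
```

The realm needs no knowledge of how the credentials arrived: both filters submit a username/password token, and the role returned by doGetAuthorizationInfo decides whether the Basic-authenticated request to /api is allowed.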

