Shiro custom realm: restrict simple auth to certain users
I'm using Shiro and have a custom realm. My app has many users in the database, and I want to support non-user process accounts for API access. In my realm, I have implemented:
public boolean supports(AuthenticationToken at)
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
This works great; I have a login form and process the username/password with no problem.
I want to allow certain users to be able to use basic HTTP auth, and the rest to use the form auth that is working. I can set the ini to allow either method, but I don't see how to implement a check for the type of authentication used in the realm.
If a login attempt is for a non-API user authenticated via HTTP headers, I want to reject the request.
How do I do this? Writing a filter and checking the HTTP header is the way I can think of.
I did the following to make this work:
- Add an "api" role to the users
- Create an Application class and set its application path to /api for the REST endpoints I wanted to expose
- Restrict the /api path to authcBasic, role[api] in the shiro.ini file
This works great. Here are the details: http://blog.mikeski.net/blog_post/470
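The setup described in this answer, written out as a shiro.ini sketch (an added example, not taken from the original post or the linked blog). The realm class name and the login page path are assumptions; Shiro's built-in role filter is registered under the name roles, which is what the example uses.

```ini
[main]
# Hypothetical class name standing in for the custom realm from the question.
# Its doGetAuthorizationInfo must return the "api" role for process accounts.
customRealm = com.example.security.CustomRealm
securityManager.realms = $customRealm

# Form login used by interactive users (path is an assumption).
authc.loginUrl = /login.jsp

[urls]
# Shiro evaluates these patterns top to bottom and the first match wins,
# so the /api rule has to come before the catch-all.

# The login page itself is handled by the form filter.
/login.jsp = authc

# REST endpoints mounted under /api: credentials come from the HTTP
# Authorization header (basic auth), and the authenticated subject must
# also hold the "api" role. A normal user who sends valid basic-auth
# credentials authenticates but fails the role check and is rejected.
/api/** = authcBasic, roles[api]

# Everything else stays on form authentication. Basic-auth headers are
# ignored here, so process accounts cannot use them outside /api.
/** = authc
```

Because the restriction lives in the filter chain, the realm does not need to know which authentication method produced the token; it only needs to grant the "api" role to the accounts that should reach /api.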