Reputation: 3691
Shiro annotation on OSGI
I run an OSGI application on Karaf 4.0.4. This application is not a web application.
I configured Apache Shiro in order to login using a custom SecurityRealm that use the credentials stored in an SQL database. The SecurityManagerand the realm are configured using Blueprint
This part works fine.
I want to use annotations like:
@RequiresPermissions("doSomething")
@RequiresRoles("admin")
public void myMethodToDoSomething() {
...
}
Those annoations are never evaluated. (my security realm protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) method is never called.
After reading some Shiro documentation, I understand it doesn't work because I don't have the required interceptor as it's defined in the Shiro Spring turorial:
<!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
But as I'm not using spring in my application, those lines won't work.
Upvotes: 0
Views: 776
Answers (1)
Reputation: 19626
You can create a blueprint namespace module. This can then hook into the blueprint beans to install an interceptor. As an example see the blueprint-authz module.
Upvotes: 2
Related Questions
- Osgi annotation processing
- use @Activate annotation in OSGI in Karaf
- Spring AOP and apache shiro configuration.Annotations not been scanned
- apache shiro Implementatation
- Shiro with SAML2 in Karaf with JAX-RS (Jersey)
- Enable Shiro annotations in Spring based application
- Karaf development
- Shiro annotation not working on JavaEE6 project
- Apache shiro implied permissions
- Shiro Annotations on a jersey resource