List of usage examples for org.apache.shiro.guice.web ShiroWebModule guiceFilterModule
public static ServletModule guiceFilterModule(final String pattern)
From source file:org.apache.aurora.scheduler.http.api.security.ApiSecurityModule.java
License:Apache License
private void doConfigureServlets() { install(ShiroWebModule.guiceFilterModule(ApiModule.API_PATH)); install(new ShiroWebModule(getServletContext()) { @Override//from w w w. j ava 2s . c om @SuppressWarnings("unchecked") protected void configureShiroWeb() { for (Module module : shiroConfigurationModules) { // We can't wrap this in a PrivateModule because Guice Multibindings don't work with them // and we need a Set<Realm>. install(module); } switch (HTTP_AUTHENTICATION_MECHANISM.get()) { case BASIC: addFilterChain("/**", ShiroWebModule.NO_SESSION_CREATION, config(ShiroWebModule.AUTHC_BASIC, BasicHttpAuthenticationFilter.PERMISSIVE)); break; case NEGOTIATE: addFilterChain("/**", ShiroWebModule.NO_SESSION_CREATION, Key.get(ShiroKerberosAuthenticationFilter.class)); break; default: addError("Unrecognized HTTP authentication mechanism."); break; } } }); bindConstant().annotatedWith(Names.named("shiro.applicationName")).to(HTTP_REALM_NAME); // TODO(ksweeney): Disable session cookie. // TODO(ksweeney): Disable RememberMe cookie. install(new ShiroAopModule()); // It is important that authentication happen before authorization is attempted, otherwise // the authorizing interceptor will always fail. MethodInterceptor authenticatingInterceptor = new ShiroAuthenticatingThriftInterceptor(); requestInjection(authenticatingInterceptor); bindInterceptor(Matchers.subclassesOf(AuroraSchedulerManager.Iface.class), AURORA_SCHEDULER_MANAGER_SERVICE.or(AURORA_ADMIN_SERVICE), authenticatingInterceptor); MethodInterceptor apiInterceptor = new ShiroAuthorizingParamInterceptor(THRIFT_AURORA_SCHEDULER_MANAGER); requestInjection(apiInterceptor); bindInterceptor(Matchers.subclassesOf(AuroraSchedulerManager.Iface.class), AURORA_SCHEDULER_MANAGER_SERVICE, apiInterceptor); MethodInterceptor adminInterceptor = new ShiroAuthorizingInterceptor(THRIFT_AURORA_ADMIN); requestInjection(adminInterceptor); bindInterceptor(Matchers.subclassesOf(AnnotatedAuroraAdmin.class), AURORA_ADMIN_SERVICE, adminInterceptor); }
From source file:org.atteo.moonshine.shiro.ShiroService.java
License:Apache License
@Override public Module configure() { return new PrivateModule() { @Override//from www . jav a 2 s. c o m protected void configure() { install(new ShiroModule() { @Override protected void configureShiro() { Multibinder<Realm> setBinder = Multibinder.newSetBinder(binder(), Realm.class); for (RealmService realm : realms) { if (realm.getId() == null) { setBinder.addBinding().to(Realm.class); } else { setBinder.addBinding().to(Key.get(Realm.class, Names.named(realm.getId()))); } } try { // Guice will initialize manager with list of realms bind(WebSecurityManager.class) .toConstructor(DefaultWebSecurityManager.class.getConstructor(Collection.class)) .asEagerSingleton(); } catch (NoSuchMethodException e) { addError(e); } expose(WebSecurityManager.class); } @Override protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) { // make configurable bind.to(DefaultWebSessionManager.class).asEagerSingleton(); } }); FilterChainResolver filterChainResolver = new FilterChainResolver() { @Override public FilterChain getChain(ServletRequest request, ServletResponse response, FilterChain chain) { return null; } }; bind(FilterChainResolver.class).toInstance(filterChainResolver); bind(GuiceShiroFilter.class).asEagerSingleton(); install(ShiroWebModule.guiceFilterModule(prefix)); if (aop) { install(new ShiroAopModule()); } expose(SecurityManager.class); expose(WebSecurityManager.class); } }; }