Hi Marcelo, that example is not fully complete; it was just to showcase that the same could
be achieved without AG Security. Also, I strongly recommend that you change and adapt it to
your real scenario.
I did the test to reproduce the issue here
(https://github.com/abstractj/example-jaxrs-shiro):

- Register Lisa and Bart

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"bart","password":"123"}' \
       -X POST http://localhost:8080/example-jaxrs-shiro/rest/auth/enroll

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"lisa","password":"123"}' \
       -X POST http://localhost:8080/example-jaxrs-shiro/rest/auth/enroll

- Login with Lisa and Bart

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"bart","password":"123"}' \
       -X POST http://localhost:8080/example-jaxrs-shiro/rest/auth/login

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"lisa","password":"123"}' \
       -X POST http://localhost:8080/example-jaxrs-shiro/rest/auth/login

Maybe the session is not being closed during logout, not sure. For specifics on Shiro,
please ask at http://shiro-user.582556.n2.nabble.com
--
abstractj
On April 7, 2014 at 1:24:03 PM, marceloheck (marceloheck(a)gmail.com) wrote:
Hello, sorry, I will try to explain.
I changed the jaxrs shiro project to run on WildFly 8.0.0.Final:
remove interface IdentityManagement
interceptor jar web.xml
org.jboss.aerogear.security.interceptor.SecurityInterceptor
and change IdentityManagementImpl
@ShiroSecurity // for Secure.java
@Default
@ApplicationScoped
public class IdentityManagementImpl implements IdentityManagement {

    // Delegates the role check to the Shiro subject: true only if it has all of the roles
    @Override
    public boolean hasRoles(Set roles) {
        return subject.hasAllRoles(roles);
    }
    ...
I changed service/

    // Requires the "simple" role
    @GET
    @Path("/bacon")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("simple")
    public List bacons() {
        return Arrays.asList(new String[]{"bacon", "Jowl", "Canadian",
                "Speck", "Pancetta"});
    }

    // No @Secure annotation on this endpoint
    @GET
    @Path("/livre")
    @Produces(MediaType.APPLICATION_JSON)
    public List livre() {
        return Arrays.asList(new String[]{"livre", "Jowl", "Canadian",
                "Speck", "Pancetta"});
    }

    // Requires the "admin" role
    @GET
    @Path("/cerveja")
    @Produces(MediaType.APPLICATION_JSON)
    @Secure("admin")
    public List beers() {
        return Arrays.asList(new String[]{"cerveja", "California",
                "Michigan", "Ireland", "British"});
    }

My problem is in the login and authorization service.
I log in (mar has role "simple"):

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"mar","password":"123"}' \
       -X POST http://localhost:8080/appteste/rest/auth/login

HTTP 200: Authorized

  curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon

HTTP 401: Unauthorized

  curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja

and that is OK.

But on another PC I log in (adm has role "adm"):

  curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" \
       -d '{"loginName":"adm","password":"123"}' \
       -X POST http://localhost:8080/appteste/rest/auth/login

HTTP 200: Authorized

  curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja

HTTP 401: Unauthorized

  curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon

This is OK.

Now I request again as user mar, and mar cannot access the REST service.
Two users cannot log in to one application.
On mobile too.
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev