I am new to Apache Shiro and REST web services. Based on my requirement, I am creating a simple POC using Shiro and a REST service.
In my application I do not use any login page. There is simply one TestService.java with 4 web service methods. I want to control each web service method with a different role when it is invoked through the REST client. That means:
insertNewData() method requires the 'insert' role, otherwise show some error message
updateNewData() method requires the 'update' role, otherwise show some error message
deleteNewData() method requires the 'delete' role, otherwise show some error message
searchAllData() method requires the 'admin' role, otherwise show some error message
I have no idea how to configure the shiro.ini file for my requirement and the REST configuration.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <display-name>SimpleRest</display-name>
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>Jersey Web Application</servlet-name>
        <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Jersey Web Application</servlet-name>
        <url-pattern>/test/*</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>
    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
</web-app>
/WEB-INF/shiro.ini (here, how do I configure the different roles for the web service calls?)
[main]
[users]
[roles]
[urls]
/index.html = anon
TestService.java
package com.simple.rest;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.json.JSONException;

@Path("/testservice")
public class TestService {

    @Path("/insert")
    @GET
    @Produces("application/json")
    @RequiresRoles("insert")
    public Response insertNewData() throws JSONException {
        /**
         * Here insert logic
         */
        String result = "Insert data method called";
        return Response.status(200).entity(result).build();
    }

    @Path("/update")
    @GET
    @Produces("application/json")
    @RequiresRoles("update")
    public Response updateNewData() throws JSONException {
        /**
         * Here Update logic
         */
        String result = "Updated data method called";
        return Response.status(200).entity(result).build();
    }

    @Path("/delete")
    @GET
    @Produces("application/json")
    @RequiresRoles("delete")
    public Response deleteNewData() throws JSONException {
        /**
         * Here delete logic
         */
        String result = "Delete data method called";
        return Response.status(200).entity(result).build();
    }

    @Path("/searchall")
    @GET
    @Produces("application/json")
    @RequiresRoles("admin")
    public Response searchNewData() throws JSONException {
        /**
         * Here Search logic
         */
        String result = "User have admin rights. So only disply all data";
        return Response.status(200).entity(result).build();
    }
}
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>SimpleRest</groupId>
    <artifactId>SimpleRest</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>war</packaging>
    <properties>
        <jdk.version>1.7</jdk.version>
        <shiro.version>1.2.4</shiro.version>
        <commons-logging.version>1.2</commons-logging.version>
        <logback-classic.version>1.1.3</logback-classic.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>${shiro.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>${shiro.version}</version>
        </dependency>
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>${commons-logging.version}</version>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>${logback-classic.version}</version>
        </dependency>
        <dependency>
            <groupId>asm</groupId>
            <artifactId>asm</artifactId>
            <version>3.3.1</version>
        </dependency>
        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-bundle</artifactId>
            <version>1.19</version>
        </dependency>
        <dependency>
            <groupId>org.json</groupId>
            <artifactId>json</artifactId>
            <version>20140107</version>
        </dependency>
        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-server</artifactId>
            <version>1.19</version>
        </dependency>
        <dependency>
            <groupId>com.sun.jersey</groupId>
            <artifactId>jersey-core</artifactId>
            <version>1.19</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>SimpleRest</finalName>
        <sourceDirectory>src</sourceDirectory>
        <plugins>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
            <plugin>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.4</version>
                <configuration>
                    <warSourceDirectory>WebContent</warSourceDirectory>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
Please help me with this. Thanks in advance.
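An added example, not part of the original post: one way to fill in the empty shiro.ini sections so that each endpoint is gated by its role at the URL level in ShiroFilter, with the REST client sending HTTP Basic credentials instead of using a login page. The usernames, passwords and realm name are constructed placeholders, and the paths assume the /test/* servlet mapping and the @Path values shown in the post.

```ini
# /WEB-INF/shiro.ini (added example; accounts below are constructed placeholders)

[main]
# Realm name returned in the Basic auth challenge (assumed value)
authcBasic.applicationName = SimpleRest

[users]
# username = password, role1, role2, ...
# Plaintext passwords are acceptable only in a throwaway POC; a real deployment
# would use a hashed-credential realm (JDBC, LDAP, ...) instead of this section.
inserter = CHANGE_ME_1, insert
updater  = CHANGE_ME_2, update
deleter  = CHANGE_ME_3, delete
boss     = CHANGE_ME_4, admin

[roles]
# Roles that carry no permissions need no entry here; naming them in [users]
# is enough for the roles[...] filter below.

[urls]
# First matching pattern wins, so specific paths come before the catch-all.
/index.html = anon

# noSessionCreation keeps the REST calls stateless; authcBasic authenticates the
# Authorization header; roles[...] rejects callers who lack the named role
# before the request ever reaches Jersey.
/test/testservice/insert    = noSessionCreation, authcBasic, roles[insert]
/test/testservice/update    = noSessionCreation, authcBasic, roles[update]
/test/testservice/delete    = noSessionCreation, authcBasic, roles[delete]
/test/testservice/searchall = noSessionCreation, authcBasic, roles[admin]

# Default for anything else under the Jersey mapping: authentication required,
# so a newly added endpoint is never exposed anonymously by omission.
/test/** = noSessionCreation, authcBasic
```

Basic credentials are only base64-encoded on the wire, so this chain belongs behind TLS. Enforcing the roles in `[urls]` does not depend on the `@RequiresRoles` annotations being intercepted, which needs separate AOP integration.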