Authenticate Rest API with Apache Shiro

0
votes

I have a Rest API backend (Rest based) which I want to secure now. I have looked into both Spring Security (for which I know implementation) and Apache Shiro. After learning that how shiro has a easy to use API, I want to implement it. However, there are no clear authorization tutorials to do this as I wanted to implement not just Basic Auth but Digest Authentication to have a more secured api. I have read that shiro has support for it. Also, I want to store my username and passwords in a databse and not in the ini file of shiro as shown in examples. Can anyone help me with this implementation? I have used Spring Rest for my apis.

Any suitable tutorial will help.

1
springrestbasic-authenticationshirodigest-authentication
Why don't you go for Spring Security? Seems to be the obvious choice. - cassiomolin
Yes, I went with Spring Security after doing a lot of digging. Thanks for your comment - nbnb

1 Answers

1
votes

There are no digest examples yet in the Shiro samples dir. It can be done, but you would need to dig it a bit (take a look how the BasicHttpAuthenticationFilter works)

As for storing your users in a Database (or anywhere for that matter) Shiro uses the term realm for this. Here is an example gist that uses the JdbcRealm.