I run an OSGI application on Karaf 4.0.4. This application is not a web application.
I configured Apache Shiro in order to login using a custom SecurityRealm that use the credentials stored in an SQL database. The SecurityManagerand the realm are configured using Blueprint
This part works fine.
I want to use annotations like:
@RequiresPermissions("doSomething")
@RequiresRoles("admin")
public void myMethodToDoSomething() {
...
}
Those annoations are never evaluated. (my security realm protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) method is never called.
After reading some Shiro documentation, I understand it doesn't work because I don't have the required interceptor as it's defined in the Shiro Spring turorial:
<!-- Enable Shiro Annotations for Spring-configured beans. Only run after -->
<!-- the lifecycleBeanProcessor has run: -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
But as I'm not using spring in my application, those lines won't work.
You can create a blueprint namespace module. This can then hook into the blueprint beans to install an interceptor. As an example see the blueprint-authz module.