I am trying to secure my Spring Web MVC project using Apache Shiro and Stormpath. I went through some tutorials on the web and got an example configuration through shiro.ini file example, and also configuring Shiro through Spring's applicationContext.xml. I am trying to get the same results from both the methods. Here's the shiro.ini file:
[main]
shiro.loginUrl = admin/login.htm
authc.successUrl = /admin/index.htm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
stormpathClient = com.stormpath.shiro.client.ClientFactory
stormpathClient.cacheManager = $cacheManager
stormpathClient.apiKeyFileLocation = $HOME/.stormpath/apiKey.properties
stormpathRealm = com.stormpath.shiro.realm.ApplicationRealm
stormpathRealm.client = $stormpathClient
stormpathRealm.applicationRestUrl = https://api.stormpath.com/v1/applications/
stormpathRealm.groupRoleResolver.modeNames = name
securityManager.realm = $stormpathRealm
[urls]
/admin/** = authc
/logout.htm = logout
and here's the bean definations in the applicationContext.xml file:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/admin/login.htm"/>
<property name="successUrl" value="/admin/index.htm"/>
<!-- override these for application-specific URLs if you like:
<property name="unauthorizedUrl" value="/unauthorized.jsp"/> -->
<!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean -->
<!-- defined will be automatically acquired and available via its beanName in chain -->
<!-- definitions, but you can perform instance overrides or name aliases here if you like: -->
<!-- <property name="filters">
<util:map>
<entry key="anAlias" value-ref="someFilter"/>
</util:map>
</property> -->
<property name="filterChainDefinitions">
<value>
/admin/** = authc, roles[admin]
/logout.htm = logout
# some example chain definitions:
#/docs/** = authc, perms[document:read]
#/** = authc
# more URL-to-FilterChain definitions here
</value>
</property>
</bean>
<!-- Define any javax.servlet.Filter beans you want anywhere in this application context. -->
<!-- They will automatically be acquired by the 'shiroFilter' bean above and made available -->
<!-- to the 'filterChainDefinitions' property. Or you can manually/explicitly add them -->
<!-- to the shiroFilter's 'filters' Map if desired. See its JavaDoc for more details. -->
<!--<bean id="someFilter" class="..."/>
<bean id="anotherFilter" class="..."> ... </bean>
-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
<property name="realm" ref="myRealm"/>
<property name="cacheManager" ref="cacheManager"/>
<!-- By default the servlet container sessions will be used. Uncomment this line
to use shiro's native sessions (see the JavaDoc for more): -->
<!-- <property name="sessionMode" value="native"/> -->
</bean>
<bean id="stormpathClient" class="com.stormpath.shiro.client.ClientFactory">
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
<property name="cacheManager" ref="cacheManager"/>
<property name="apiKeyFileLocation" value="$HOME/.stormpath/apiKey.properties"/>
<!-- By default the servlet container sessions will be used. Uncomment this line
to use shiro's native sessions (see the JavaDoc for more): -->
<!-- <property name="sessionMode" value="native"/> -->
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
<!-- security datasource: -->
<bean id="myRealm" class="com.stormpath.shiro.realm.ApplicationRealm">
<property name="applicationRestUrl" value="https://api.stormpath.com/v1/applications/<my app key here removed for privacy>"/>
<property name="client" ref="stormpathClient"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager" />
I keep getting error saying:
Cannot convert value of type [com.stormpath.shiro.client.ClientFactory] to required type [com.stormpath.sdk.client.Client] for property 'client': no matching editors or conversion strategy found
This maybe because of incomplete maven dependency:
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-spring -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.0-RC2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.stormpath.shiro/stormpath-shiro-core -->
<dependency>
<groupId>com.stormpath.shiro</groupId>
<artifactId>stormpath-shiro-core</artifactId>
<version>0.8.0-RC1</version>
</dependency>
Can someone suggest the dependencies required to achieve this.
You might be missing the factory-bean / factory-method elements in your XML.
On a side note, the easiest way to get started with Apache Shiro and Stormpath is to take a look at one of the examples In your case probably the spring-boot-web one.
Using Spring's auto configuration via the shiro-spring-boot-starter, you should only need to worry about your method annotations.