Skip to content

casparderksen/shiro-jaxrs-jwt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
configure_wildlfy_logging.cli
configure_wildlfy_logging.cli
 
 
ping.sh
ping.sh
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Apache Shiro JWT integration

This project demonstrates integration of Apache Shiro, JWT and JAX-RS for authorization.

We define a Shiro JwtFilter for extracting JWT bearer tokens from the HTTP Authentication header. The JWT filter disables caching. In shiro.ini we disable the rememberMe function.

The JwtRealm authenticates principals by validating the JWT token (note that the real authentication took place before obtaining the token). Principals are authorized by extracting roles from the token, and looking up permissions associated with the role in roles.ini (same syntax as shiro.ini).

Permissions are exposed for usage in the front-end by a permissions endpoint. This endpoint returns all permissions associated with the roles in the JWT token.

TODO/wishlist:

  • Angular demo. Plan: use NPM shiro-trie, define directives for checking.
  • JEE8/MicroProfile integration
  • Quarkus integration (Vert.x, without servlet)

About

Apache Shiro JWT integration

Topics

jwt jax-rs shiro mp-jwt

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages