shiro icon indicating copy to clipboard operation
shiro copied to clipboard
verified publisher icon apache

[Enhancement] Improve Shiro's Spring Support

Open bdemers opened this issue 1 year ago • 6 comments

Search before asking

  • [X] I had searched in the issues and found no similar issues.

Enhancement Request

I think, it would be better for Shiro's Spring support to integrate with Spring Security (e.g. Spring Sec, delegate to Shiro), instead of as a replacement  This would reduce a lot of code, footprint, and complexity of the integration.

Describe the solution you'd like

Create a Spring Security AuthenticationProvider that delegates to Shiro.

I've hacked on this a couple of times but I ran into a few minor issues each time, and then ran out of time to continue.

I'd love to hear other thoughts on this

Are you willing to submit PR?

  • [X] Yes I am willing to submit a PR!

bdemers avatar Jul 08 '24 17:07 bdemers

I think this is a great idea!

lprimak avatar Jul 08 '24 17:07 lprimak

Supersedes #1236

lprimak avatar Jul 08 '24 19:07 lprimak

Does this mean that Shiro/Spring can finally be configured via shiro.ini as well?

lprimak avatar Jul 09 '24 04:07 lprimak

I hadn't thought about that 🤔 Possibly...

bdemers avatar Jul 09 '24 13:07 bdemers

Being compatible with Spring Security and implementing it by creating an AuthenticationProvider is indeed a good idea, but it doesn't seem to address the warning from BeanPostProcessorChecker caused by ShiroFilterFactoryBean in issue #1236.

SilenceLurker avatar Nov 01 '24 09:11 SilenceLurker

I have done this in my project , but all I have done is delegated the authentication to shiro using AuthenticationProvider and called the realm methods. All security context is managed by spring its just a pure authentication delegation.

vgaur avatar Nov 23 '25 13:11 vgaur