Apache Shiro – HTTP auth and Form auth in same project

I wanted a way to do regular form auth with an application. The idea is that regular users would use form authentication, and API users could use Simple HTTP authorization.

I had a REST service that I exposed at 2 different URLs by creating 2 Application classes extending javax.ws.rs.Application and using

javax.ws.rs.ApplicationPath;

to expose 2 different URLs. The first is at /rest and the second is at /api. Now, in the shiro.ini I setup a different filter for each path, and to access /rest you have to be logged in via form auth, and to access /api you must be logged in with HTTP Simple authentication.

I implemented a custom AuthorizationRealm and added the api role to the users that can access the API.

That works great, and simplifies any API connections by allowing Simple auth. Simple auth should also force SSH because it is not secure over clear HTTP, but that’s well documented by the Shiro project. There will be a post coming soon about how to implement a custom AuthorizingRealm to use your own DAOs to lookup users, but it is only 3 methods and is pretty straightforward.

Spring Date converter using @InitBinder annotation

Here’s code for a controller to allow Spring to process dates properly.

Java Convert List to JSON

This requires the jackson databind lib, here’s the maven dependency:

Postgres on Openshift Java Application

Using an openshift JBoss/Postgres setup trying to create a webapp with a postgres database.

Turns out that the openshift ${OPENSHIFT_POSTGRESQL_DB_URL} variable does not work with the postgres 9.2 JDBC driver.

It’s broken.

The URL should be: jdbc:postgres://hostname:port/database. The URL provided by openshift is not that format.

Note also that SSL is not supported by the database server.

Here is the properties placeholder I’m using with Spring.

driver_class=org.postgresql.Driver
url=jdbc:postgresql://x.y.z.a:5432/
username=nottherealusername
password=thepasswordforpgsql

I know that the system creates a JNDI connection, but my maven build copies a properties file if the Openshift profile is run, and copies a different properties file if it’s building locally. This allows the proper database connection to be made depending on where it is built.

Java MD5 with no external dependencies

How to generate an MD5 sum with Java – no external dependencies.

To run the file, do:

javac T.java && java T

Or
javac T.java
java T