Have you looked at dropwizard-auth? This allows you to easily connect any authentication method (Shiro, Spring, etc.). It also supports OAuth2 if you want to go that far...
You can implement the Shiro authenticator as follows:
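
    import com.google.common.base.Optional;
    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.IncorrectCredentialsException;
    import org.apache.shiro.authc.LockedAccountException;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.subject.Subject;
    // Authenticator and BasicCredentials come from the dropwizard-auth package of your Dropwizard version.

    public class BasicAuthenticator implements Authenticator<BasicCredentials, Subject> {
        @Override
        public Optional<Subject> authenticate(BasicCredentials credentials) throws AuthenticationException {
            // Returns the Subject bound to the current thread, creating one if none is bound yet.
            Subject subject = SecurityUtils.getSubject();
            try {
                // rememberMe is false: nothing is remembered beyond this login.
                subject.login(new UsernamePasswordToken(credentials.getUsername(), credentials.getPassword(), false));
                return Optional.of(subject);
            } catch (UnknownAccountException | IncorrectCredentialsException | LockedAccountException e) {
                // Unknown user, wrong password or locked account: fall through to absent().
            } catch (AuthenticationException ae) {
                // Any other Shiro authentication failure: fall through to absent().
            }
            return Optional.absent();
        }
    }
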
And you can register Shiro with this environment (called from your run method):
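
    void configureAuthentication(Environment environment) {
        JdbcRealm realm = getJdbcRealm();
        // Assumed completion (the snippet stops after the line above): install the realm in a
        // Shiro SecurityManager so that SecurityUtils.getSubject() authenticates against it.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(realm));
        // Register BasicAuthenticator with Dropwizard's basic-auth provider here;
        // the exact call depends on the Dropwizard version.
    }
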
And then check a role like this:

    @GET
    public SecretPlan getSecretPlan(@Auth Subject subject) {
        // The injected Subject is the one returned by BasicAuthenticator.
        if (subject.hasRole("secretPlanner")) {
            return new SecretPlan();
        } else {
            return new NonSecretPlan();
        }
    }

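The login and role check from the answer above, reduced to a Shiro-only program as an added example (not code from the original answer). It assumes shiro-core on the classpath, uses an in-memory `SimpleAccountRealm` with constructed accounts in place of the `JdbcRealm`, and builds a fresh `Subject` per call so authenticated state does not stay bound to a pooled worker thread; the class and method names are hypothetical.

```java
import java.util.Optional;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class ShiroRoleCheckDemo {

    private final SecurityManager securityManager;

    ShiroRoleCheckDemo(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /** Returns a logged-in Subject, or empty on any authentication failure. */
    Optional<Subject> authenticate(String username, String password) {
        // Fresh Subject per call instead of SecurityUtils.getSubject(), which binds to the thread.
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password, false);
        try {
            subject.login(token);
            return Optional.of(subject);
        } catch (AuthenticationException e) {
            // Covers unknown account, bad password and locked account; record the type only.
            System.err.println("login failed: " + e.getClass().getSimpleName());
            return Optional.empty();
        } finally {
            token.clear(); // wipe the password characters held by the token
        }
    }

    /** Mirrors the resource method: the role decides which plan is returned. */
    static String planFor(Optional<Subject> subject) {
        return subject.filter(s -> s.hasRole("secretPlanner")).isPresent() ? "SecretPlan" : "NonSecretPlan";
    }

    public static void main(String[] args) {
        // Constructed sample accounts; a real deployment would use the JdbcRealm from the answer.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-pass-1", "secretPlanner");
        realm.addAccount("bob", "constructed-pass-2");
        ShiroRoleCheckDemo demo = new ShiroRoleCheckDemo(new DefaultSecurityManager(realm));
        System.out.println(planFor(demo.authenticate("alice", "constructed-pass-1")));
        System.out.println(planFor(demo.authenticate("bob", "constructed-pass-2")));
        System.out.println(planFor(demo.authenticate("alice", "wrong")));
    }
}
```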