You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Dan Diephouse <da...@netzooid.com> on 2011/05/06 20:59:29 UTC
Spring and default filters
I'm creating a ShiroFilterFactoryBean as specified in the docs, but I've
noticed that I'm not getting any default filters created. The only way I see
that default filters are created is through the web ini configuration. How
do I get these filters created for me? I don't want to have to declare all
the filters in DefaultFilters in my spring config.
I thought I had this working before, but I was doing basic auth. What am I
missing?
Here's my config for good measure:
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="successUrl" value="/index.html"/>
<!-- override these for application-specific URLs if you like: -->
<property name="unauthorizedUrl" value="/login.html"/>
<property name="filterChainDefinitions">
<value>
/api/status = anon
/api/account/create = anon
/api/** = authcBasic
/images/** = anon
/js/** = anon
/stylesheets/** = anon
/favicon.ico = anon
/signup.html = anon
/** = authc
</value>
</property>
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="ionRealm"/>
</bean>
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean id="ionRealm"
class="com.mulesoft.ion.util.TextConfigurationRealm" init-method="init">
<property name="userDefinitions">
<value>
admin=admin
</value>
</property>
</bean>
</beans>
Thanks,
Dan
--
Dan Diephouse
http://netzooid.com/blog
Re: Spring and default filters
Posted by Dan Diephouse <da...@netzooid.com>.
On Fri, May 6, 2011 at 1:10 PM, Les Hazlewood <lh...@apache.org> wrote:
> I was really confused for a minute! Glad to see you found it :)
>
> Me too. I was like, how the hell can I write custom integration for Mule
for Shiro and not understand the basics of form authentication. I was losing
my mind! :-)
Cheers again for the great library!
Dan
--
Dan Diephouse
http://netzooid.com/blog
Re: Spring and default filters
Posted by Les Hazlewood <lh...@apache.org>.
I was really confused for a minute! Glad to see you found it :)
Cheers,
Les
On Fri, May 6, 2011 at 1:09 PM, Dan Diephouse <da...@netzooid.com> wrote:
> Ok, I found my stupid thing. I had another chain definition in another
> config somewhere that was getting picked up. $!@#. sorry for the noise!
>
> On Fri, May 6, 2011 at 1:03 PM, Dan Diephouse <da...@netzooid.com> wrote:
>>
>> Yeah, I know, I must be doing something stupid here. :-)
>> I do see that the createFilterChainManager creates the default filters.
>> Don't they need to be added to a chain though? I was stepping through the
>> debugger and my DefaultFilterChainManager doesn't have any chains defined.
>> So nothing gets invoked.
>> Dan
>>
>> On Fri, May 6, 2011 at 12:37 PM, Les Hazlewood <lh...@apache.org>
>> wrote:
>>>
>>> Hi Dan,
>>>
>>> They are being created by default. You wouldn't have been able to use
>>> the 'authcBasic' filter if they weren't being created by default,
>>> since that is defined with the other default filters.
>>>
>>> ShiroFilterFactoryBean#createFilterChainManager creates a
>>> DefaultFilterChainManager which does add the default filters to the
>>> manager's filters collection during instantiation.
>>>
>>> What gave you the indication that they weren't being created/enabled?
>>> Is there a test case that you might be able to show us that
>>> demonstrates this?
>>>
>>> Cheers,
>>>
>>> Les
>>>
>>> On Fri, May 6, 2011 at 11:59 AM, Dan Diephouse <da...@netzooid.com> wrote:
>>> > I'm creating a ShiroFilterFactoryBean as specified in the docs, but
>>> > I've
>>> > noticed that I'm not getting any default filters created. The only way
>>> > I see
>>> > that default filters are created is through the web ini configuration.
>>> > How
>>> > do I get these filters created for me? I don't want to have to declare
>>> > all
>>> > the filters in DefaultFilters in my spring config.
>>> > I thought I had this working before, but I was doing basic auth. What
>>> > am I
>>> > missing?
>>> > Here's my config for good measure:
>>> >
>>> > <bean id="shiroFilter"
>>> > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>>> > <property name="securityManager" ref="securityManager"/>
>>> > <property name="loginUrl" value="/login.html"/>
>>> > <property name="successUrl" value="/index.html"/>
>>> > <!-- override these for application-specific URLs if you like:
>>> > -->
>>> > <property name="unauthorizedUrl" value="/login.html"/>
>>> > <property name="filterChainDefinitions">
>>> > <value>
>>> > /api/status = anon
>>> > /api/account/create = anon
>>> > /api/** = authcBasic
>>> > /images/** = anon
>>> > /js/** = anon
>>> > /stylesheets/** = anon
>>> > /favicon.ico = anon
>>> > /signup.html = anon
>>> > /** = authc
>>> > </value>
>>> > </property>
>>> > </bean>
>>> >
>>> > <bean id="securityManager"
>>> > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>>> > <property name="realm" ref="ionRealm"/>
>>> > </bean>
>>> > <bean id="lifecycleBeanPostProcessor"
>>> > class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
>>> >
>>> > <bean id="ionRealm"
>>> > class="com.mulesoft.ion.util.TextConfigurationRealm"
>>> > init-method="init">
>>> > <property name="userDefinitions">
>>> > <value>
>>> > admin=admin
>>> > </value>
>>> > </property>
>>> > </bean>
>>> > </beans>
>>> >
>>> > Thanks,
>>> > Dan
>>> > --
>>> > Dan Diephouse
>>> > http://netzooid.com/blog
Re: Spring and default filters
Posted by Dan Diephouse <da...@netzooid.com>.
Ok, I found my stupid thing. I had another chain definition in another
config somewhere that was getting picked up. $!@#. sorry for the noise!
On Fri, May 6, 2011 at 1:03 PM, Dan Diephouse <da...@netzooid.com> wrote:
> Yeah, I know, I must be doing something stupid here. :-)
>
> I do see that the createFilterChainManager creates the default filters.
> Don't they need to be added to a chain though? I was stepping through the
> debugger and my DefaultFilterChainManager doesn't have any chains defined.
> So nothing gets invoked.
>
> Dan
>
>
> On Fri, May 6, 2011 at 12:37 PM, Les Hazlewood <lh...@apache.org>wrote:
>
>> Hi Dan,
>>
>> They are being created by default. You wouldn't have been able to use
>> the 'authcBasic' filter if they weren't being created by default,
>> since that is defined with the other default filters.
>>
>> ShiroFilterFactoryBean#createFilterChainManager creates a
>> DefaultFilterChainManager which does add the default filters to the
>> manager's filters collection during instantiation.
>>
>> What gave you the indication that they weren't being created/enabled?
>> Is there a test case that you might be able to show us that
>> demonstrates this?
>>
>> Cheers,
>>
>> Les
>>
>> On Fri, May 6, 2011 at 11:59 AM, Dan Diephouse <da...@netzooid.com> wrote:
>> > I'm creating a ShiroFilterFactoryBean as specified in the docs, but I've
>> > noticed that I'm not getting any default filters created. The only way I
>> see
>> > that default filters are created is through the web ini configuration.
>> How
>> > do I get these filters created for me? I don't want to have to declare
>> all
>> > the filters in DefaultFilters in my spring config.
>> > I thought I had this working before, but I was doing basic auth. What am
>> I
>> > missing?
>> > Here's my config for good measure:
>> >
>> > <bean id="shiroFilter"
>> > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>> > <property name="securityManager" ref="securityManager"/>
>> > <property name="loginUrl" value="/login.html"/>
>> > <property name="successUrl" value="/index.html"/>
>> > <!-- override these for application-specific URLs if you like:
>> -->
>> > <property name="unauthorizedUrl" value="/login.html"/>
>> > <property name="filterChainDefinitions">
>> > <value>
>> > /api/status = anon
>> > /api/account/create = anon
>> > /api/** = authcBasic
>> > /images/** = anon
>> > /js/** = anon
>> > /stylesheets/** = anon
>> > /favicon.ico = anon
>> > /signup.html = anon
>> > /** = authc
>> > </value>
>> > </property>
>> > </bean>
>> >
>> > <bean id="securityManager"
>> > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>> > <property name="realm" ref="ionRealm"/>
>> > </bean>
>> > <bean id="lifecycleBeanPostProcessor"
>> > class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
>> >
>> > <bean id="ionRealm"
>> > class="com.mulesoft.ion.util.TextConfigurationRealm" init-method="init">
>> > <property name="userDefinitions">
>> > <value>
>> > admin=admin
>> > </value>
>> > </property>
>> > </bean>
>> > </beans>
>> >
>> > Thanks,
>> > Dan
>> > --
>> > Dan Diephouse
>> > http://netzooid.com/blog
>>
>
>
>
> --
> Dan Diephouse
> http://netzooid.com/blog
>
--
Dan Diephouse
http://netzooid.com/blog
Re: Spring and default filters
Posted by Dan Diephouse <da...@netzooid.com>.
Yeah, I know, I must be doing something stupid here. :-)
I do see that the createFilterChainManager creates the default filters.
Don't they need to be added to a chain though? I was stepping through the
debugger and my DefaultFilterChainManager doesn't have any chains defined.
So nothing gets invoked.
Dan
On Fri, May 6, 2011 at 12:37 PM, Les Hazlewood <lh...@apache.org>wrote:
> Hi Dan,
>
> They are being created by default. You wouldn't have been able to use
> the 'authcBasic' filter if they weren't being created by default,
> since that is defined with the other default filters.
>
> ShiroFilterFactoryBean#createFilterChainManager creates a
> DefaultFilterChainManager which does add the default filters to the
> manager's filters collection during instantiation.
>
> What gave you the indication that they weren't being created/enabled?
> Is there a test case that you might be able to show us that
> demonstrates this?
>
> Cheers,
>
> Les
>
> On Fri, May 6, 2011 at 11:59 AM, Dan Diephouse <da...@netzooid.com> wrote:
> > I'm creating a ShiroFilterFactoryBean as specified in the docs, but I've
> > noticed that I'm not getting any default filters created. The only way I
> see
> > that default filters are created is through the web ini configuration.
> How
> > do I get these filters created for me? I don't want to have to declare
> all
> > the filters in DefaultFilters in my spring config.
> > I thought I had this working before, but I was doing basic auth. What am
> I
> > missing?
> > Here's my config for good measure:
> >
> > <bean id="shiroFilter"
> > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> > <property name="securityManager" ref="securityManager"/>
> > <property name="loginUrl" value="/login.html"/>
> > <property name="successUrl" value="/index.html"/>
> > <!-- override these for application-specific URLs if you like:
> -->
> > <property name="unauthorizedUrl" value="/login.html"/>
> > <property name="filterChainDefinitions">
> > <value>
> > /api/status = anon
> > /api/account/create = anon
> > /api/** = authcBasic
> > /images/** = anon
> > /js/** = anon
> > /stylesheets/** = anon
> > /favicon.ico = anon
> > /signup.html = anon
> > /** = authc
> > </value>
> > </property>
> > </bean>
> >
> > <bean id="securityManager"
> > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> > <property name="realm" ref="ionRealm"/>
> > </bean>
> > <bean id="lifecycleBeanPostProcessor"
> > class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
> >
> > <bean id="ionRealm"
> > class="com.mulesoft.ion.util.TextConfigurationRealm" init-method="init">
> > <property name="userDefinitions">
> > <value>
> > admin=admin
> > </value>
> > </property>
> > </bean>
> > </beans>
> >
> > Thanks,
> > Dan
> > --
> > Dan Diephouse
> > http://netzooid.com/blog
>
--
Dan Diephouse
http://netzooid.com/blog
Re: Spring and default filters
Posted by Les Hazlewood <lh...@apache.org>.
Hi Dan,
They are being created by default. You wouldn't have been able to use
the 'authcBasic' filter if they weren't being created by default,
since that is defined with the other default filters.
ShiroFilterFactoryBean#createFilterChainManager creates a
DefaultFilterChainManager which does add the default filters to the
manager's filters collection during instantiation.
What gave you the indication that they weren't being created/enabled?
Is there a test case that you might be able to show us that
demonstrates this?
Cheers,
Les
On Fri, May 6, 2011 at 11:59 AM, Dan Diephouse <da...@netzooid.com> wrote:
> I'm creating a ShiroFilterFactoryBean as specified in the docs, but I've
> noticed that I'm not getting any default filters created. The only way I see
> that default filters are created is through the web ini configuration. How
> do I get these filters created for me? I don't want to have to declare all
> the filters in DefaultFilters in my spring config.
> I thought I had this working before, but I was doing basic auth. What am I
> missing?
> Here's my config for good measure:
>
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager"/>
> <property name="loginUrl" value="/login.html"/>
> <property name="successUrl" value="/index.html"/>
> <!-- override these for application-specific URLs if you like: -->
> <property name="unauthorizedUrl" value="/login.html"/>
> <property name="filterChainDefinitions">
> <value>
> /api/status = anon
> /api/account/create = anon
> /api/** = authcBasic
> /images/** = anon
> /js/** = anon
> /stylesheets/** = anon
> /favicon.ico = anon
> /signup.html = anon
> /** = authc
> </value>
> </property>
> </bean>
>
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <property name="realm" ref="ionRealm"/>
> </bean>
> <bean id="lifecycleBeanPostProcessor"
> class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
>
> <bean id="ionRealm"
> class="com.mulesoft.ion.util.TextConfigurationRealm" init-method="init">
> <property name="userDefinitions">
> <value>
> admin=admin
> </value>
> </property>
> </bean>
> </beans>
>
> Thanks,
> Dan
> --
> Dan Diephouse
> http://netzooid.com/blog