Posted to user@shiro.apache.org by rayman <id...@cellebrite.com> on 2013/10/16 14:15:54 UTC

Managed to authenticate but page is not auto directed.

Hi,
I managed to authenticate Shiro with CAS. I can even see
subject.isAuthenticated() turn into 'true'.

The problem is that I am not auto-directed to the secured URL. If I try
manually to enter the secure URL address (after authentication) I manage to
reach there. But isn't it supposed to get there by default?


I am trying to reach into http://192.168.108.195:8080/secured/index.jsp 

This is my web.xml configuration:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
version="2.5">
  <display-name>rlesecuritywithtags</display-name>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  
  <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>

                [main]
                casFilter = org.apache.shiro.cas.CasFilter
                casFilter.failureUrl = /unauthorized.jsp


                casRealm = org.apache.shiro.cas.CasRealm
                casRealm.defaultRoles = user
                casRealm.casServerUrlPrefix = http://192.168.2.101:8080/cas/
                casRealm.casService = http://192.168.108.195:8080/shiro-cas/shiro-cas

                casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
                securityManager.subjectFactory = $casSubjectFactory


                roles.loginUrl = http://192.168.2.101:8080/cas/login?service=http://192.168.108.195:8080/shiro-cas/shiro-cas

                roles.unauthorizedUrl = /unauthorized.jsp

                [urls]
                /shiro-cas = casFilter
                /secure/** = roles[user]
                /admin/** = roles[admin]
                /** = anon




            </param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  <servlet>
    <description>Finds all users in the data store</description>
    <display-name>GetAllUsers</display-name>
    <servlet-name>GetAllUsers</servlet-name>
    <servlet-class>name.brucephillips.somesecurity.servlet.GetAllUsers</servlet-class>
  </servlet>
  <servlet>
    <description>Log in user using username and password provided</description>
    <display-name>LoginUser</display-name>
    <servlet-name>LoginUser</servlet-name>
    <servlet-class>name.brucephillips.somesecurity.servlet.LoginUser</servlet-class>
  </servlet>
  <servlet>
    <description>Logs user out</description>
    <display-name>LogoutUser</display-name>
    <servlet-name>LogoutUser</servlet-name>
    <servlet-class>name.brucephillips.somesecurity.servlet.LogoutUser</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>GetAllUsers</servlet-name>
    <url-pattern>/GetAllUsers</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  	<servlet-name>LoginUser</servlet-name>
  	<url-pattern>/LoginUser</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  	<servlet-name>LogoutUser</servlet-name>
  	<url-pattern>/LogoutUser</url-pattern>
  </servlet-mapping>
  <resource-ref>
        <description>My DataSource Reference</description>
        <res-ref-name>jdbc/security</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
        <res-sharing-scope>Shareable</res-sharing-scope>
    </resource-ref>
  
</web-app>




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Managed to authenticate but page is not auto directed.

Posted by rayman <id...@cellebrite.com>.
Hi,
The "expected behavior" is that I'll be redirected to secure/index
automatically after being sent back from the CAS secure page. The user
shouldn't press again on the secure/index link; it's supposed to be
redirected there automatically after login.

thanks.




Re: Managed to authenticate but page is not auto directed.

Posted by jleleu <le...@gmail.com>.
Hi,

I just ran your demo.
I'm not sure I understand what your problem is.
I click on "secure/index", I'm redirected to CAS for login and after
successful authentication, I'm being sent back to the "secure page".
The second time I click on "secure/index", I'm directly redirected to the
"secure page" without being prompted for authentication.
It's the expected behaviour: the authentication is valid for the whole web
session.
Best regards,
Jérôme





Re: Managed to authenticate but page is not auto directed.

Posted by rayman <id...@cellebrite.com>.
Hi Jérôme,
Did you have a chance to look at it?
thanks.





Re: Managed to authenticate but page is not auto directed.

Posted by rayman <id...@cellebrite.com>.
Yes.
It's attached.

I will briefly explain again, just so that you understand my problem:

I have a hyperlink there for a secured area: secure/index

- The first time you press on it, you are directed to CAS. Then you get back
to the same page. This time isAuthenticated: true.

- The second time you press, you manage to get there.

Is there a way to avoid the second press and be directed to the secured page
right away (after CAS authentication)?


Thank you.

rolesecuritywithtags.rar
<http://shiro-user.582556.n2.nabble.com/file/n7579267/rolesecuritywithtags.rar>  




Re: Managed to authenticate but page is not auto directed.

Posted by jleleu <le...@gmail.com>.
Hi,

Would you mind sharing your final demo so I can make a real test?
Thanks.
Best regards,
Jérôme



