You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by rayman <id...@cellebrite.com> on 2013/10/16 14:15:54 UTC
Managed to authenticate but page is not auto directed.
Hi,
I managed to authenticate shiro with cas. I can even see the subject
subject.isAuthenticated() turn into 'true'
The problem is that I am not auto directed to the secured url. If I try
manually to enter the secure url address (After Authentication) I manage to
reach there. But it's not supposed to get there by default?
I am trying to reach into http://192.168.108.195:8080/secured/index.jsp
This is my web.xml configuration:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID"
version="2.5">
<display-name>rlesecuritywithtags</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
[main]
casFilter = org.apache.shiro.cas.CasFilter
casFilter.failureUrl = /unauthorized.jsp
casRealm = org.apache.shiro.cas.CasRealm
casRealm.defaultRoles = user
casRealm.casServerUrlPrefix = http://192.168.2.101:8080/cas/
casRealm.casService =
http://192.168.108.195:8080/shiro-cas/shiro-cas
casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory
roles.loginUrl =
http://192.168.2.101:8080/cas/login?service=http://192.168.108.195:8080/shiro-cas/shiro-cas
roles.unauthorizedUrl = /unauthorized.jsp
[urls]
/shiro-cas = casFilter
/secure/** = roles[user]
/admin/** = roles[admin]
/** = anon
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<description>Finds all users in the data store</description>
<display-name>GetAllUsers</display-name>
<servlet-name>GetAllUsers</servlet-name>
<servlet-class>name.brucephillips.somesecurity.servlet.GetAllUsers</servlet-class>
</servlet>
<servlet>
<description>
Log in user using username and password provided</description>
<display-name>
LoginUser</display-name>
<servlet-name>LoginUser</servlet-name>
<servlet-class>
name.brucephillips.somesecurity.servlet.LoginUser</servlet-class>
</servlet>
<servlet>
<description>
Logs user out</description>
<display-name>
LogoutUser</display-name>
<servlet-name>LogoutUser</servlet-name>
<servlet-class>
name.brucephillips.somesecurity.servlet.LogoutUser</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>GetAllUsers</servlet-name>
<url-pattern>/GetAllUsers</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginUser</servlet-name>
<url-pattern>/LoginUser</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LogoutUser</servlet-name>
<url-pattern>/LogoutUser</url-pattern>
</servlet-mapping>
<resource-ref>
<description>My DataSource Reference</description>
<res-ref-name>jdbc/security</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</web-app>
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Managed to authenticate but page is not auto directed.
Posted by rayman <id...@cellebrite.com>.
Hi,
The "expected behavior" is that ill be re-directed to secure/index
automatically after sent back from cars secure page. The user shouldn't
press again on the secure/index link, it's supposed to be redirected to
there automatically after log in.
thanks.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265p7579286.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Managed to authenticate but page is not auto directed.
Posted by jleleu <le...@gmail.com>.
Hi,
I just ran your demo.
I'm not sure to understand what is your problem.
I click on "secure/index", I'm redirected to CAS for login and after
successful authentication, I'm being sent back to the "secure page".
The second time I click on "secure/index", I'm directly redirected to the
"secure page" without being prompted for authentication.
It's the expected behaviour : the authentication is valid for the whole web
session.
Best regards,
Jérôme
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265p7579281.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Managed to authenticate but page is not auto directed.
Posted by rayman <id...@cellebrite.com>.
Hi Jérôme ,
Did you have a chance to look at it?
thanks.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265p7579276.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Managed to authenticate but page is not auto directed.
Posted by rayman <id...@cellebrite.com>.
Yes.
It's attached.
I will shortly explain again just that you understand my problem:
I have there hyper link for a secured area: secure/index
- First time you press on it you directed to cas. then you getting back to
the same page. this time isAuthenticated : true.
- Second time you press you managed to get there.
Is there a way to avoid the second press and be directed to the secured page
right away (after cas authenticaion)
Thank you.
rolesecuritywithtags.rar
<http://shiro-user.582556.n2.nabble.com/file/n7579267/rolesecuritywithtags.rar>
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265p7579267.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Managed to authenticate but page is not auto directed.
Posted by jleleu <le...@gmail.com>.
Hi,
Would you mind sharing your final demo so I can make a real test ?
Thanks.
Best regards,
Jérôme
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Managed-to-authenticate-but-page-is-not-auto-directed-tp7579265p7579266.html
Sent from the Shiro User mailing list archive at Nabble.com.