Posted to user@shiro.apache.org by Nagaraju Kurma <na...@enhancesys.com> on 2013/07/22 11:47:44 UTC

UNABLE TO UNDERSTAND THE EXECUTION FLOW

I am a beginner with the Apache Shiro security API.

I downloaded the API zip file and got the ref applications.

As of now I don't want to maintain any realm or databases for the customized
auths, so I am using the shiro.ini file.

For the shiroFilter I am configuring loginUrl, successUrl and unauthorizedUrl,
which are applicable for authc as well. But only the loginUrl is working;
successUrl etc. are not working.
Sometimes successUrl works; I do not understand what the cause is.
For the login it gives a 404 error; when I click the back button, enter the
username and password and log in, then it works and logs in.

So many questions; please, can anybody help? I am sending the complete
application configuration; please trace out my problem.

This is my configuration in web.xml
---------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>spring-sample.webapp.root</param-value>
</context-param>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
<servlet-name>springServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/WEB-INF/jsp/redirect.jsp</welcome-file>
</welcome-file-list>
</web-app>


in spring-servlet.xml
-------------------------------

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
">
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
</beans>

in applicationContext.xml
-------------------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
">

<context:component-scan base-package="com.ini.controller" />
<import resource="spring-servlet.xml" />
<bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
<constructor-arg value="classpath:shiro.ini" type="java.lang.String" />
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="iniRealm"></property>
</bean>
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login"></property>
        <!-- works from 2nd login -->
<property name="successUrl" value="/success"></property>
        <!-- rarely, 1 out of 10 attempts -->
<property name="filterChainDefinitions">
<value>
/logout = logout
/** = authc
</value>
</property>
</bean>

</beans>

home.jsp
---------------
<%@ include file="include.jsp"%>

<html>
<head>
<title>Apache Shiro Quickstart</title>
</head>
<body>

<h1>Apache Shiro Quickstart</h1>

<p>
Hi
<shiro:guest>Guest</shiro:guest>
<shiro:user>
<shiro:principal />
</shiro:user>
! (
<shiro:user>
<a href="logout">Log out</a>
</shiro:user>
<shiro:guest>
<a href="login">Log in</a> (sample accounts provided)</shiro:guest>
)
</p>

<p>Welcome to the Apache Shiro Quickstart sample application. This
page represents the home page of any web application.</p>

<h2>Roles</h2>

<p>To show some taglibs, here are the roles you have and don't
have. Log out and log back in under different user accounts to see
different roles.</p>

<h3>Roles you have</h3>

<p>
<shiro:hasRole name="admin">admin<br />
</shiro:hasRole>
<shiro:hasRole name="president">president<br />
</shiro:hasRole>
<shiro:hasRole name="darklord">darklord<br />
</shiro:hasRole>
<shiro:hasRole name="goodguy">goodguy<br />
</shiro:hasRole>
<shiro:hasRole name="schwartz">schwartz<br />
</shiro:hasRole>
</p>

<h3>Roles you DON'T have</h3>

<p>
<shiro:lacksRole name="admin">admin<br />
</shiro:lacksRole>
<shiro:lacksRole name="president">president<br />
</shiro:lacksRole>
<shiro:lacksRole name="darklord">darklord<br />
</shiro:lacksRole>
<shiro:lacksRole name="goodguy">goodguy<br />
</shiro:lacksRole>
<shiro:lacksRole name="schwartz">schwartz<br />
</shiro:lacksRole>
</p>


</body>
</html>


include.jsp
-------------------
<%@ page import="org.apache.shiro.SecurityUtils" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

index.jsp
---------------
<jsp:forward page="home.jsp"/>

login.jsp
---------------

<%@ include file="include.jsp"%>

<html>
<head>
<script type="text/javascript">
function focusCur() {
document.getElementById("username").focus();
}
</script>
</head>
<body onload="focusCur()">

<h2>Please Log in</h2>

<shiro:guest>
<p>Here are a few sample accounts to play with in the default
text-based Realm (used for this demo and test installs only). Do you
remember the movie these names came from? ;)</p>


<style type="text/css">
table.sample {
border-width: 1px;
border-style: outset;
border-color: blue;
border-collapse: separate;
background-color: rgb(255, 255, 240);
}

table.sample th {
border-width: 1px;
padding: 1px;
border-style: none;
border-color: blue;
background-color: rgb(255, 255, 240);
}

table.sample td {
border-width: 1px;
padding: 1px;
border-style: none;
border-color: blue;
background-color: rgb(255, 255, 240);
}
</style>


<table class="sample">
<thead>
<tr>
<th>Username</th>
<th>Password</th>
</tr>
</thead>
<tbody>
<tr>
<td>root</td>
<td>secret</td>
</tr>
<tr>
<td>presidentskroob</td>
<td>12345</td>
</tr>
<tr>
<td>darkhelmet</td>
<td>ludicrousspeed</td>
</tr>
<tr>
<td>lonestarr</td>
<td>vespa</td>
</tr>
</tbody>
</table>
<br />
<br />
</shiro:guest>

<form action="login" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username"
maxlength="30"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="30"></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit"
name="submit" value="Login"></td>
</tr>
</table>
</form>

</body>
</html>


LoginController.java
----------------------------
package com.ini.controller;

import org.apache.shiro.SecurityUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {
@RequestMapping(value = "/success", method = RequestMethod.GET)
public String home() {
System.out.println("home() : GET");
return "home";
}

@RequestMapping(value = "/login", method = RequestMethod.GET)
public String form() {
System.out.println("login() : GET");
return "login";
}

@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login() {
System.out.println("login() : POST");
SecurityUtils.getSubject().getSession();
return "home";
}
}


shiro.ini file, placed in src/shiro.ini (in appContext.xml it is read from
classpath:/.........)
------------------

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# INI configuration is very powerful and flexible, while still remaining
# succinct.
# Please see http://shiro.apache.org/configuration.html and
# http://shiro.apache.org/web.html for more.

[main]
shiro.loginUrl = /login.jsp

[users]
# format: username = password, role1, role2, ..., roleN
root = secret,admin
guest = guest,guest
presidentskroob = 12345,president
darkhelmet = ludicrousspeed,darklord,schwartz
lonestarr = vespa,goodguy,schwartz

[roles]
# format: roleName = permission1, permission2, ..., permissionN
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5

[urls]
# The /login.jsp is not restricted to authenticated users (otherwise no one
# could log in!), but the 'authc' filter must still be specified for it so it
# can process that url's login submissions. It is 'smart' enough to allow
# those requests through as specified by the shiro.loginUrl above.
/login.jsp = authc
/logout = logout
/account/** = authc
/remoting/** = authc, roles[b2bClient], perms["remote:invoke:lan,wan"]


Please suggest fixes by finding the mistakes.
Any help is appreciated.
Thank you :)

-- 

Regards,

Nagaraju.
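
The comment in the posted shiro.ini says the 'authc' filter must cover the login URL so that it can process login submissions. The following is an added example, not part of the original post and not Shiro source code: a simplified model of that decision flow, which also goes one step further and shows that successUrl is only the fallback target when no earlier request was saved. The class, its method names and the /account/view request are assumptions made for illustration.

```java
import java.util.*;

// Simplified model of the decision flow of Shiro's form-based 'authc' filter.
// Not Shiro source code: class, method and field names here are hypothetical.
public class AuthcFlowModel {
    static final String LOGIN_URL = "/login";     // loginUrl from the post's shiroFilter bean
    static final String SUCCESS_URL = "/success"; // successUrl from the same bean
    // Constructed sample account, matching one [users] line of the posted shiro.ini.
    static final Map<String, String> USERS = Map.of("lonestarr", "vespa");

    boolean authenticated = false;
    String savedRequest = null; // URL the user asked for before being sent to login

    /** Returns what the filter does with one request. */
    String handle(String method, String path, String user, String pass) {
        if (authenticated) return "PASS to application: " + path;
        if (!path.equals(LOGIN_URL)) {            // protected URL, no login yet
            savedRequest = path;
            return "REDIRECT " + LOGIN_URL;
        }
        if (!method.equals("POST")) return "PASS to application: " + path; // show the form
        // Login submission: the filter itself checks the credentials.
        if (user != null && pass != null && pass.equals(USERS.get(user))) {
            authenticated = true;
            String target = (savedRequest != null) ? savedRequest : SUCCESS_URL;
            savedRequest = null;
            return "REDIRECT " + target;          // successUrl is only the fallback
        }
        return "PASS to application: " + path;    // failed login: form is shown again
    }

    public static void main(String[] args) {
        AuthcFlowModel a = new AuthcFlowModel();  // user first asks for a protected page
        System.out.println(a.handle("GET", "/account/view", null, null)); // constructed path
        System.out.println(a.handle("GET", "/login", null, null));
        System.out.println(a.handle("POST", "/login", "lonestarr", "vespa"));
        AuthcFlowModel b = new AuthcFlowModel();  // user opens the login page directly
        System.out.println(b.handle("GET", "/login", null, null));
        System.out.println(b.handle("POST", "/login", "lonestarr", "vespa"));
        // Already authenticated: a second POST is passed on to the application.
        System.out.println(b.handle("POST", "/login", "lonestarr", "vespa"));
    }
}
```

In this model a POST to the login URL reaches the application's own handler only when the login fails or the user is already authenticated; a successful submission ends in a redirect issued by the filter.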