You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by AndyW <an...@gmail.com> on 2012/12/17 11:06:33 UTC
Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Hello,
I'm trying to set up a new project using Shiro with Guice, Jersey, Jetty,
and a custom realm. I'm trying to use Guice to configure Shiro instead of an
ini file.
The problem I'm having is with using AUTHC for form based authentication.
When I use AUTHC_BASIC, the browser based authentication works just as
expected, but I need to change it to form based.
When I use AUTHC, Shiro correctly identifies when I request a protected
resource, and redirects to login.jsp. All good so far, but when I submit the
login form the login.jsp page reloads, and there's no indication that my
realm has been accessed.
This feels like I'm making a schoolboy error here, but I've gone around in
circles for hours and read the samples at
http://svn.apache.org/repos/asf/shiro/trunk/samples/guice/ as well as every
similar post I can find, without getting anywhere! I would be very grateful
if someone could give me a hand.
Here's some of my code that I think is relevant (sorry if I've missed out
anything useful, please let me know) - hopefully the glaring error will be
obvious. I'm sure a lot of it will be recognisable from a mash of online
examples!
** My GuiceServletContextListener
** My Jetty/Guice bootstrap:
** My login.jsp:
Sorry if this has been a bit on the long side - thanks for reading this far.
Really, any help would be appreciated.
Thanks,
Andy.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by AndyW <an...@gmail.com>.
This works great, thanks Milan.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065p7578113.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by Milan Baran <mi...@gmail.com>.
Hi,
check my pull request on github. Hope, it will work for you.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065p7578112.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by AndyW <an...@gmail.com>.
Hi Jared, and anyone else who might be interested in getting Shiro, Guice and
Jetty to play nicely together. I've stripped this down to a very simple web
app that demonstrates the problem I'm facing, and published the source onto
github at https://github.com/AndyWi/GuiceJerseyJettyShiroExample. Please
feel free to take a look if you're interested - I'd be very appreciative of
any feedback, especially if it helps me get past this massive roadblock. I
can't quite yet believe that Form based authentication isn't possible in the
Guice-Jersey-Jetty-Shiro stack, but I've been struggling with this for a few
weeks now and unfortunately I'm starting to come to that conclusion.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065p7578107.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by Jared Bunting <ja...@peachjean.com>.
I'm not sure at this point. It sounds like it's an issue with your
Jersey setup which, unfortunately, I'm not overly familiar with. To
troubleshoot, I would probably comment out the shiro filter and see
what works. If it works with the Shiro filter commented out, but not
with it enabled, then the next step would be to ensure that Shiro is
actually redirecting to the correct location.
-Jared
On Tue 18 Dec 2012 04:26:55 AM CST, AndyW wrote:
> Hi Jared,
>
> Thanks a lot for your reply, it was very useful and helped me move onto my
> next problem! Following your advice, I added this to my bootstrap:
>
>
>
> I then realised that my Jersey setup needed to be changed as well, so I
> replaced this (in createJerseyServletModule):
>
>
>
> with this:
>
>
>
> So, now Shiro intercepts my service call, redirects to login.jsp, takes my
> submitted login details, passes it to my custom realm, which authenticates
> the user and then finally I'm redirected back to my original service call.
>
> A lot of progress there, but now when I reach the service call after being
> authenticated, I get a 404 with Jetty claiming the service can't be found.
> This continues until the globalSessionTimeout is reached, after which my
> service calls then get redirected back to login.jsp.
>
> I'm missing something again! Can you point me in the right direction again
> please?
>
> Thanks,
> Andy.
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065p7578069.html
> Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by AndyW <an...@gmail.com>.
Hi Jared,
Thanks a lot for your reply, it was very useful and helped me move onto my
next problem! Following your advice, I added this to my bootstrap:
I then realised that my Jersey setup needed to be changed as well, so I
replaced this (in createJerseyServletModule):
with this:
So, now Shiro intercepts my service call, redirects to login.jsp, takes my
submitted login details, passes it to my custom realm, which authenticates
the user and then finally I'm redirected back to my original service call.
A lot of progress there, but now when I reach the service call after being
authenticated, I get a 404 with Jetty claiming the service can't be found.
This continues until the globalSessionTimeout is reached, after which my
service calls then get redirected back to login.jsp.
I'm missing something again! Can you point me in the right direction again
please?
Thanks,
Andy.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065p7578069.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Problem setting up form based authentication with Shiro, Guice,
Jersey, Jetty, no shiro.ini
Posted by Jared Bunting <ja...@peachjean.com>.
It looks like your GuiceFilter isn't registered to process login.jsp. This
means that despite AUTHC being registered for login.jsp, it will never be
able to handle that submission since ShiroFilter doesn't see it.
Hope that helps,
Jared
On Dec 17, 2012 4:07 AM, "AndyW" <an...@gmail.com> wrote:
> Hello,
>
> I'm trying to set up a new project using Shiro with Guice, Jersey, Jetty,
> and a custom realm. I'm trying to use Guice to configure Shiro instead of
> an
> ini file.
>
> The problem I'm having is with using AUTHC for form based authentication.
> When I use AUTHC_BASIC, the browser based authentication works just as
> expected, but I need to change it to form based.
>
> When I use AUTHC, Shiro correctly identifies when I request a protected
> resource, and redirects to login.jsp. All good so far, but when I submit
> the
> login form the login.jsp page reloads, and there's no indication that my
> realm has been accessed.
>
> This feels like I'm making a schoolboy error here, but I've gone around in
> circles for hours and read the samples at
> http://svn.apache.org/repos/asf/shiro/trunk/samples/guice/ as well as
> every
> similar post I can find, without getting anywhere! I would be very grateful
> if someone could give me a hand.
>
> Here's some of my code that I think is relevant (sorry if I've missed out
> anything useful, please let me know) - hopefully the glaring error will be
> obvious. I'm sure a lot of it will be recognisable from a mash of online
> examples!
>
> ** My GuiceServletContextListener
>
>
> ** My Jetty/Guice bootstrap:
>
>
>
> ** My login.jsp:
>
>
>
> Sorry if this has been a bit on the long side - thanks for reading this
> far.
> Really, any help would be appreciated.
>
> Thanks,
> Andy.
>
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Problem-setting-up-form-based-authentication-with-Shiro-Guice-Jersey-Jetty-no-shiro-ini-tp7578065.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>