Posted to user@shiro.apache.org by Albert Kam <mo...@gmail.com> on 2013/07/14 15:17:51 UTC

Keeps redirecting to the login page after successful login

The login seems to be successful from the output of the logs of my custom
realm, but it keeps redirecting to the login page as if it were not successful.

I do not do a programmatic login, but rather use the shiro filter, add
the login form, define the login url, and make use of authc.

My suspect is my realm, because it seems like the other configurations are
very similar to many working examples available on the net.

Please take a look and share what you think?

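Here's my custom realm:
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;

@Service
@Scope("singleton")
public class MyCustomRealm extends AuthenticatingRealm {
    @Autowired private UserRepository repository;

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        SimpleAuthenticationInfo authInfo = null;
        System.out.println("starting doGetAuthenticationInfo");
        if (token instanceof UsernamePasswordToken) {
            User user = this.repository.findByName(((UsernamePasswordToken) token).getUsername());
            // Returning null tells Shiro that no account exists for this token.
            if (user != null) {
                authInfo = new SimpleAuthenticationInfo(user.getUserName(),
                        user.getHashedPassword(), user.getSalt(), "myCustomRealm");
            }
        }
        return authInfo;
    }
}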

Here's the log output after login:
starting doGetAuthenticationInfo
user found albert-kam
returning an authInfo
----header---
host=[myapp.com:8080]
connection=[keep-alive]
cache-control=[max-age=0]
accept=[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
user-agent=[Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36]
referer=[http://myapp.com:8080/login;JSESSIONID=51e29f141aab0453ff26e46d]
accept-encoding=[gzip,deflate,sdch]
accept-language=[en-US,en;q=0.8,id;q=0.6]
cookie=[JSESSIONID=51e29f141aab0453ff26e46d]
----cookies---
JSESSIONID=javax.servlet.http.Cookie@1b5470d
----auth---
isAuthenticated : false
------ done ------

Here's my spring xml:
<bean id="myCustomRealm" class="kam.albert.security.MyCustomRealm">
    <property name="credentialsMatcher" ref="sha256Matcher" />
</bean>
<bean id="sessionDAO" class="kam.albert.security.MyCustomShiroSessionDao" />
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="globalSessionTimeout" value="3600000" /> <!-- 1 hour -->
    <property name="sessionDAO" ref="sessionDAO" />
    <property name="sessionValidationSchedulerEnabled" value="false" /> <!-- let myCustom ttl collection do this -->
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="sessionMode" value="native" />
    <property name="realm" ref="myCustomRealm"/>
    <property name="sessionManager" ref="sessionManager" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
    <property name="arguments" ref="securityManager"/>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login"/>
    <property name="successUrl" value="/"/>
    <property name="unauthorizedUrl" value="/signup"/>
    <property name="filterChainDefinitions">
        <value>
            /** = authc
            /logout = logout
        </value>
    </property>
</bean>


Here's my filter configurations:
  <filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>httpMethodFilter</filter-name>
    <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
  <filter-mapping>
    <filter-name>httpMethodFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>


Here's my login form:
<#macro loginForm>
<form name="loginform" action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" maxlength="30"></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" maxlength="30"></td>
    </tr>
    <tr>
        <td colspan="2" align="left"><input type="checkbox" name="rememberMe"><font size="2">Remember Me</font></td>
    </tr>
    <tr>
        <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
    </tr>
</table>
</form>
</#macro>



-- 
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)

Re: Keeps redirecting to the login page after successful login

Posted by Albert Kam <mo...@gmail.com>.
Found out what the problem was. It's my custom DAO native session
implementation that was faulty, causing the authenticated flag to go unpersisted
by my custom DAO.
That's why its successful authentication didn't last after the request ended.


-- 
Do not pursue the past. Do not lose yourself in the future.
The past no longer is. The future has not yet come.
Looking deeply at life as it is in the very here and now,
the practitioner dwells in stability and freedom.
(Thich Nhat Hanh)
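
The failure mode named in the reply, as an added example (this is not the poster's DAO, whose code does not appear in the thread): with native sessions Shiro keeps the login state in session attributes, so a SessionDAO that stores snapshots must write the attributes back on every update(). Assumptions: Shiro 1.x package names, a hypothetical class name SnapshotSessionDao, and an in-memory byte[] map standing in for the external store.

```java
import java.io.Serializable;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.io.DefaultSerializer;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.apache.shiro.subject.support.DefaultSubjectContext;

// Hypothetical DAO: sessions are stored as serialized snapshots, as an external store would hold them.
public class SnapshotSessionDao extends AbstractSessionDAO {
    private final Map<Serializable, byte[]> store = new ConcurrentHashMap<>();
    private final DefaultSerializer<Session> codec = new DefaultSerializer<>();

    @Override protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        store.put(id, codec.serialize(session));
        return id;
    }

    @Override protected Session doReadSession(Serializable id) {
        byte[] raw = store.get(id);
        return raw == null ? null : codec.deserialize(raw);
    }

    // The native session manager calls update() after attribute changes. The whole session,
    // attributes included, must be rewritten here or the login state is lost.
    @Override public void update(Session session) throws UnknownSessionException {
        if (!store.containsKey(session.getId())) throw new UnknownSessionException("unknown session");
        store.put(session.getId(), codec.serialize(session));
    }

    @Override public void delete(Session session) { store.remove(session.getId()); }

    @Override public Collection<Session> getActiveSessions() {
        List<Session> all = new ArrayList<>();
        for (byte[] raw : store.values()) all.add(codec.deserialize(raw));
        return all;
    }

    public static void main(String[] args) {
        SnapshotSessionDao dao = new SnapshotSessionDao();
        SimpleSession s = new SimpleSession();
        Serializable id = dao.create(s);
        // Shiro records a successful login under this attribute key (principals go under PRINCIPALS_SESSION_KEY).
        s.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
        dao.update(s); // without this write the stored snapshot never receives the flag
        System.out.println(dao.readSession(id).getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY));
    }
}
```

A quick check for any custom SessionDAO is the round trip in main(): set an attribute, call update(), read the session back by id as the next request would, and confirm the attribute is still there.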