You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Sven Richter <sv...@googlemail.com> on 2012/08/27 14:03:36 UTC
Integrating shiro within spring 3.1 and jsf 2 on tomcat 7
Hi,
i am desperately trying to get shiro running within my spring web
application for the last few days. I tried several things like using
my own realm extending AuthorizingRealm, using simple configuration in
a shiro.xml and even using shiro by configuring a shiro.ini, and of
course all mixed up. I got neither working.
So i am trying to start it over again, maybe one of you can help me.
This is my web.xml (leaving out the not so interesting parts):
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- enable apache shiro security -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Project Stage Level -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
This is my shiro.xml:
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/pages/auth/login.xhtml" />
<property name="successUrl" value="/pages/tasks/tasks.xhtml" />
<property name="filterChainDefinitions">
<value>
/pages/tasks/** = authc
</value>
</property>
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myIniRealm" />
<property name="sessionMode" value="native" />
</bean>
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id="myIniRealm" class="org.apache.shiro.realm.text.IniRealm">
<constructor-arg value="classpath:shiro.ini" type="java.lang.String"/>
</bean>
<bean id="secureRemoteInvocationExecutor"
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
<property name="securityManager" ref="securityManager" />
</bean>
<bean id="secureRemoteInvocationFactory"
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory" />
And this my shiro.ini:
[main]
[users]
sveri = pw, admin
[roles]
admin = *
user = user:*
[urls]
My login.xhtml looks like this:
<ui:composition template="../template_plain.xhtml"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<ui:define name="content">
<form name="loginform" action="" method="post">
Username: <input type="text" name="username" /><br /> Password: <input
type="password" name="password" /> <input type="checkbox"
name="rememberMe" value="true" />Remember Me?<br /> <input
type="submit" name="submit" value="Login" />
</form>
</ui:define>
</ui:composition>
That's it. Now if i go to a subpage of /pages/tasks/ i can see that
the url filter works and i get redirected to my login.xhtml. Entering
my credentials there and submitting them just returns me to the
login.xhtml w/o an error notice or anything alike.
I think that this is the most basic setup and i just cannot find what is wrong.
Any help would be appreciated.
Best regards,
Sven
Re: Integrating shiro within spring 3.1 and jsf 2 on tomcat 7
Posted by Sven Richter <sv...@googlemail.com>.
Thank you very much Jared,
your hint was one step forward to my solution and i got it working now
with a basic ini setup :-)
On Mon, Aug 27, 2012 at 2:12 PM, Jared Bunting
<ja...@peachjean.com> wrote:
> In order for the authc filter to see (and process) the login request,
> it has to be configured to intercept that page. This means that you
> want to add something like this:
>
> /pages/auth/login.xhtml=authc
>
> to your filterChainDefinitions. Since the authc filter knows that this
> is your login page, it won't block access to it, but it can't do
> anything with the submission unless it gets an opportunity to see it.
>
> Hope that helps,
> Jared
>
> On Mon 27 Aug 2012 07:03:36 AM CDT, Sven Richter wrote:
>> Hi,
>>
>> i am desperately trying to get shiro running within my spring web
>> application for the last few days. I tried several things like using
>> my own realm extending AuthorizingRealm, using simple configuration in
>> a shiro.xml and even using shiro by configuring a shiro.ini, and of
>> course all mixed up. I got neither working.
>>
>> So i am trying to start it over again, maybe one of you can help me.
>> This is my web.xml (leaving out the not so interesting parts):
>>
>> <context-param>
>> <param-name>contextConfigLocation</param-name>
>> <param-value>/WEB-INF/spring/root-context.xml</param-value>
>> </context-param>
>> <listener>
>> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>> </listener>
>>
>> <listener>
>> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
>> </listener>
>>
>> <servlet>
>> <servlet-name>appServlet</servlet-name>
>> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
>> <init-param>
>> <param-name>contextConfigLocation</param-name>
>> <param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
>> </init-param>
>> <load-on-startup>1</load-on-startup>
>> </servlet>
>> <servlet-mapping>
>> <servlet-name>appServlet</servlet-name>
>> <url-pattern>/</url-pattern>
>> </servlet-mapping>
>>
>> <!-- enable apache shiro security -->
>> <filter>
>> <filter-name>shiroFilter</filter-name>
>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>> <init-param>
>> <param-name>targetFilterLifecycle</param-name>
>> <param-value>true</param-value>
>> </init-param>
>> </filter>
>>
>> <filter-mapping>
>> <filter-name>shiroFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>>
>> <!-- Project Stage Level -->
>> <context-param>
>> <param-name>javax.faces.PROJECT_STAGE</param-name>
>> <param-value>Development</param-value>
>> </context-param>
>>
>> <servlet>
>> <servlet-name>Faces Servlet</servlet-name>
>> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
>> <load-on-startup>1</load-on-startup>
>> </servlet>
>>
>> <!-- Mapping with servlet and url for the http requests. -->
>> <servlet-mapping>
>> <servlet-name>Faces Servlet</servlet-name>
>> <url-pattern>*.xhtml</url-pattern>
>> </servlet-mapping>
>>
>> This is my shiro.xml:
>>
>> <bean id="shiroFilter"
>> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>> <property name="securityManager" ref="securityManager" />
>> <property name="loginUrl" value="/pages/auth/login.xhtml" />
>> <property name="successUrl" value="/pages/tasks/tasks.xhtml" />
>>
>> <property name="filterChainDefinitions">
>> <value>
>> /pages/tasks/** = authc
>> </value>
>> </property>
>> </bean>
>>
>> <bean id="securityManager"
>> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
>> <property name="realm" ref="myIniRealm" />
>> <property name="sessionMode" value="native" />
>> </bean>
>> <bean id="lifecycleBeanPostProcessor"
>> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
>>
>>
>> <bean id="myIniRealm" class="org.apache.shiro.realm.text.IniRealm">
>> <constructor-arg value="classpath:shiro.ini" type="java.lang.String"/>
>> </bean>
>>
>> <bean id="secureRemoteInvocationExecutor"
>> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
>> <property name="securityManager" ref="securityManager" />
>> </bean>
>>
>> <bean id="secureRemoteInvocationFactory"
>> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory" />
>>
>> And this my shiro.ini:
>> [main]
>>
>> [users]
>> sveri = pw, admin
>>
>> [roles]
>> admin = *
>> user = user:*
>>
>> [urls]
>>
>> My login.xhtml looks like this:
>> <ui:composition template="../template_plain.xhtml"
>> xmlns="http://www.w3.org/1999/xhtml"
>> xmlns:h="http://java.sun.com/jsf/html"
>> xmlns:f="http://java.sun.com/jsf/core"
>> xmlns:ui="http://java.sun.com/jsf/facelets"
>> xmlns:p="http://primefaces.org/ui">
>>
>> <ui:define name="content">
>>
>> <form name="loginform" action="" method="post">
>>
>> Username: <input type="text" name="username" /><br /> Password: <input
>> type="password" name="password" /> <input type="checkbox"
>> name="rememberMe" value="true" />Remember Me?<br /> <input
>> type="submit" name="submit" value="Login" />
>> </form>
>> </ui:define>
>> </ui:composition>
>>
>> That's it. Now if i go to a subpage of /pages/tasks/ i can see that
>> the url filter works and i get redirected to my login.xhtml. Entering
>> my credentials there and submitting them just returns me to the
>> login.xhtml w/o an error notice or anything alike.
>> I think that this is the most basic setup and i just cannot find what is wrong.
>>
>> Any help would be appreciated.
>> Best regards,
>> Sven
>
>
Re: Integrating shiro within spring 3.1 and jsf 2 on tomcat 7
Posted by Jared Bunting <ja...@peachjean.com>.
In order for the authc filter to see (and process) the login request,
it has to be configured to intercept that page. This means that you
want to add something like this:
/pages/auth/login.xhtml=authc
to your filterChainDefinitions. Since the authc filter knows that this
is your login page, it won't block access to it, but it can't do
anything with the submission unless it gets an opportunity to see it.
Hope that helps,
Jared
On Mon 27 Aug 2012 07:03:36 AM CDT, Sven Richter wrote:
> Hi,
>
> i am desperately trying to get shiro running within my spring web
> application for the last few days. I tried several things like using
> my own realm extending AuthorizingRealm, using simple configuration in
> a shiro.xml and even using shiro by configuring a shiro.ini, and of
> course all mixed up. I got neither working.
>
> So i am trying to start it over again, maybe one of you can help me.
> This is my web.xml (leaving out the not so interesting parts):
>
> <context-param>
> <param-name>contextConfigLocation</param-name>
> <param-value>/WEB-INF/spring/root-context.xml</param-value>
> </context-param>
> <listener>
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
> </listener>
>
> <listener>
> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
> </listener>
>
> <servlet>
> <servlet-name>appServlet</servlet-name>
> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
> <init-param>
> <param-name>contextConfigLocation</param-name>
> <param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
> </init-param>
> <load-on-startup>1</load-on-startup>
> </servlet>
> <servlet-mapping>
> <servlet-name>appServlet</servlet-name>
> <url-pattern>/</url-pattern>
> </servlet-mapping>
>
> <!-- enable apache shiro security -->
> <filter>
> <filter-name>shiroFilter</filter-name>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> <init-param>
> <param-name>targetFilterLifecycle</param-name>
> <param-value>true</param-value>
> </init-param>
> </filter>
>
> <filter-mapping>
> <filter-name>shiroFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> <!-- Project Stage Level -->
> <context-param>
> <param-name>javax.faces.PROJECT_STAGE</param-name>
> <param-value>Development</param-value>
> </context-param>
>
> <servlet>
> <servlet-name>Faces Servlet</servlet-name>
> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
> <load-on-startup>1</load-on-startup>
> </servlet>
>
> <!-- Mapping with servlet and url for the http requests. -->
> <servlet-mapping>
> <servlet-name>Faces Servlet</servlet-name>
> <url-pattern>*.xhtml</url-pattern>
> </servlet-mapping>
>
> This is my shiro.xml:
>
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager" />
> <property name="loginUrl" value="/pages/auth/login.xhtml" />
> <property name="successUrl" value="/pages/tasks/tasks.xhtml" />
>
> <property name="filterChainDefinitions">
> <value>
> /pages/tasks/** = authc
> </value>
> </property>
> </bean>
>
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <property name="realm" ref="myIniRealm" />
> <property name="sessionMode" value="native" />
> </bean>
> <bean id="lifecycleBeanPostProcessor"
> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
>
>
> <bean id="myIniRealm" class="org.apache.shiro.realm.text.IniRealm">
> <constructor-arg value="classpath:shiro.ini" type="java.lang.String"/>
> </bean>
>
> <bean id="secureRemoteInvocationExecutor"
> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
> <property name="securityManager" ref="securityManager" />
> </bean>
>
> <bean id="secureRemoteInvocationFactory"
> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory" />
>
> And this my shiro.ini:
> [main]
>
> [users]
> sveri = pw, admin
>
> [roles]
> admin = *
> user = user:*
>
> [urls]
>
> My login.xhtml looks like this:
> <ui:composition template="../template_plain.xhtml"
> xmlns="http://www.w3.org/1999/xhtml"
> xmlns:h="http://java.sun.com/jsf/html"
> xmlns:f="http://java.sun.com/jsf/core"
> xmlns:ui="http://java.sun.com/jsf/facelets"
> xmlns:p="http://primefaces.org/ui">
>
> <ui:define name="content">
>
> <form name="loginform" action="" method="post">
>
> Username: <input type="text" name="username" /><br /> Password: <input
> type="password" name="password" /> <input type="checkbox"
> name="rememberMe" value="true" />Remember Me?<br /> <input
> type="submit" name="submit" value="Login" />
> </form>
> </ui:define>
> </ui:composition>
>
> That's it. Now if i go to a subpage of /pages/tasks/ i can see that
> the url filter works and i get redirected to my login.xhtml. Entering
> my credentials there and submitting them just returns me to the
> login.xhtml w/o an error notice or anything alike.
> I think that this is the most basic setup and i just cannot find what is wrong.
>
> Any help would be appreciated.
> Best regards,
> Sven