Hi Jocmoc, Are you configuring an IniShiroFilter in your web.xml? Shiro should filter all web requests for web-based applications. You should also probably be using INI configuration unless you have a more powerful object graph definition mechanism available (Spring, Guice, etc).
On Wed, Dec 30, 2009 at 4:31 PM, Jocmoc <[email protected]> wrote: > > Hallo, > I've a "simple" Web-Application using JSF and Hibernate/JPA. > Now I want to include Shiro in it, but I'm not able to do that, I tryed now > for 1 week (not 10 minutes ;-) > ..so maby I'm to stupid... > > ok whatever I miss some HowTo's or better documentations for Shiro. > > so I hope U can help me. > > ok what I have: > > import dbConnection.Connector; > import javax.faces.context.FacesContext; > import javax.servlet.http.HttpSession; > import model.Author; > > > public class SessionHandler { > > private String name; > private String passwd; > private Connector con=new Connector(); > private Author sessionAuthor; > //JSF-Instanz wird benannt > private FacesContext context = FacesContext.getCurrentInstance(); > //Session wird der Instanz zugeordnet bzw. neu erstellt wenn sie noch > nicht existiert > private HttpSession session = (HttpSession) > context.getExternalContext().getSession(true); > > > public SessionHandler(){ > > } > > > > public void login(){ > Author author = getCon().ckLogin(name, passwd); > if (author != null){ > this.getSession().setAttribute("author", author); > sessionAuthor = (Author) > this.getSession().getAttribute("author"); > > //session > getName().equals("hans")&&getPasswd().equals("geheim") > > } > > } > > public void logout(){ > //kill session (same as timeout) > // context = FacesContext.getCurrentInstance(); > // session = (HttpSession) > context.getExternalContext().getSession(false); > // session.invalidate(); > > //second possibility: clean session > > this.getSession().removeAttribute("author"); > > > } > > > public boolean isIsLogedIn(){ > > if(this.getSession().getAttribute("author")!=null) return true; > else > return false; > } > this is my SessionHandler + getter and setter > > > ok now I tried to use shiro for that: > > public class SecurityHandler { > private String name; > private String passwd; > > JdbcRealm realm=new JdbcRealm(); > SecurityManager securityManager = new DefaultWebSecurityManager(realm); > Subject currentUser = SecurityUtils.getSubject(); > > //constructor > > public void login(){ > SecurityUtils.setSecurityManager(securityManager); > > if (!currentUser.isAuthenticated()) { > UsernamePasswordToken token = new UsernamePasswordToken(name, > passwd); > token.setRememberMe(false); > > currentUser.login(token); > > //where to do this???? > realm.setAuthenticationQuery("Author.findByNick"); > } > } > > } > > ...mhh I think my biggest problem is, how to get datas from database (which > realms or SecurityManager or Authentificator I have to use ?????????????) > there are so many ways to get this (I only uses the API and for me its a > jungle of possibilitys, but whats THE Way?? ) > > I also whant to use this: @RequiresRoles and something like this: > <jsec:user/> or <jsec:hasRole/> > > ok Im not so good in programming Java - still Student and maybe my english > is not so good to understand - I give u all Informations u need > > > When my project successfully finished I whrite a litle How to for using > shiro in a web application. > > > -- > View this message in context: > http://n2.nabble.com/WebApp-with-JSF-Hibernate-JPA-need-some-help-tp4234135p4234135.html > Sent from the Shiro User mailing list archive at Nabble.com. >
