Hi Tauren,

If you'll indulge me, I'll reference how to do it both in INI and in
Spring config - I know you're not using INI, but this could help
others who might.  Also, you can see the parallel between the two
config mechanisms, as they achieve almost the same thing.

For registering AuthenticationListeners, you would have to set them by
traversing the SecurityManager's object graph and setting the property
that way - the same way you would do it in INI.  For example, in INI:

securityManager.authenticator.authenticationListeners = $authcListener1, $authcListener2, ..., $authcListenerN

In Spring:

<bean id="securityManager" class="...">
...
<property name="authenticator.authenticationListeners">
    <set>
        <ref bean="authcListener1"/>
        <ref bean="authcListener2"/>
        ...
        <ref bean="authcListenerN"/>
    </set>
</property>
</bean>

As for excluding URLs, no coding necessary - you can do that via URL
chain configuration.  For example, in INI, you can do that by using
the [urls] section and defining a chain with the 'anon' filter (anonymous
- allow requests to pass through without any security check):

shiro.ini:
...
[urls]
/css = anon
/js = anon
/assets/images = anon

Or, in Spring:

<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
...
<!-- the ShiroFilterFactoryBean's 'filterChainDefinitions' property is the
      same exact thing as the INI's [urls] section: -->
<property name="filterChainDefinitions">
  <value>
    /css = anon
    /js = anon
    /assets/images = anon
    ...
  </value>
</property>
</bean>

So technically the ShiroFilter still handles all requests (in web.xml,
you want the <url-pattern>/*</url-pattern> to be defined), but you can
exclude urls this way.  This is far more flexible than using web.xml
since it doesn't have the notion of exclusionary policies.

Also, don't forget that in Shiro's url chain definitions, the 'first
match wins' for url pattern matching.  Make sure you define chains in
the order that they will be successfully matched against.  For
example, this is good:

/user/signup = anon
/user/** = authc

and this wouldn't be nice:

/user/** = authc
/user/signup = anon

Because in the 2nd example, '/user/**' matches any request targeted at
'/user/signup' and the 'authc' filter would be invoked (thereby
preventing guests from signing up - clearly not the desired behavior).

HTH!

Les

On Fri, Jul 2, 2010 at 12:24 AM, Tauren Mills <[email protected]> wrote:
> Where can I find some sample code that illustrates the best way to
> register an AuthenticationListener? It seems that
> AuthenticationListenerRegistrar no longer exists. I would prefer to
> see how to do it using Spring for configuration instead of INI. Is
> there a sample project that illustrates how to do this?
>
> Also, I'm unclear on how to best customize the filter. My web.xml
> specifies a DelegatingFilterProxy, which I believe is then utilizing a
> ShiroFilterFactoryBean. My intent is to write a custom doFilter method
> that excludes certain paths, such as /css, /img, and /js.  Should my
> custom filter extend some class? And how do I wire up my custom
> filter? Do I specify something as the targetBeanName init param?
>
> Alternatively, is there a different, simpler, or better way to EXCLUDE
> certain paths from being handled by the ShiroFilter?  For instance, is
> there a way to do this purely with configuration inside of the web.xml
> alone?
>
> Lastly, what does the targetFilterLifecycle init param do?
>
> Here's the pertinent part of my spring ShiroFilter config:
>
>    <bean id="ShiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>        <property name="securityManager" ref="securityManager"/>
>    </bean>
>
> Here are my current filter mappings:
>
>    <filter>
>        <filter-name>HibernateFilter</filter-name>
>        <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
>    </filter>
>    <filter>
>        <filter-name>ShiroFilter</filter-name>
>        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> <!--
>            <init-param>
>                <param-name>targetFilterLifecycle</param-name>
>                <param-value>true</param-value>
>            </init-param>
> -->
>    </filter>
>    <filter>
>        <filter-name>WicketFilter</filter-name>
>        <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
>        <init-param>
>            <param-name>applicationFactoryClassName</param-name>
>            <param-value>org.apache.wicket.spring.SpringWebApplicationFactory</param-value>
>        </init-param>
>    </filter>
>
>    <filter-mapping>
>        <filter-name>HibernateFilter</filter-name>
>        <url-pattern>/*</url-pattern>
>    </filter-mapping>
>    <filter-mapping>
>        <filter-name>ShiroFilter</filter-name>
>        <url-pattern>/*</url-pattern>
>    </filter-mapping>
>    <filter-mapping>
>        <filter-name>WicketFilter</filter-name>
>        <url-pattern>/*</url-pattern>
>        <dispatcher>REQUEST</dispatcher>
>        <dispatcher>ERROR</dispatcher>
>    </filter-mapping>
>
> Thanks,
> Tauren
>
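
Added example (not part of the original thread and not Shiro's own code): a small check for the 'first match wins' ordering described in the reply, run over the two /user orderings it shows. The Ant-style matcher is a simplified stand-in for Shiro's, and the function names and the probe-path heuristic in shadowed_rules are assumptions of this sketch.

```python
import re

def _seg_match(pat, seg):
    # Within one path segment: '?' is one character, '*' is any run of characters.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pat)
    return re.fullmatch(rx, seg) is not None

def _match(pat, seg):
    if not pat:
        return not seg
    if pat[0] == "**":  # '**' absorbs zero or more whole segments
        return any(_match(pat[1:], seg[i:]) for i in range(len(seg) + 1))
    return bool(seg) and _seg_match(pat[0], seg[0]) and _match(pat[1:], seg[1:])

def ant_match(pattern, path):
    """Simplified Ant-style matcher (assumption: not Shiro's own implementation)."""
    split = lambda s: [p for p in s.split("/") if p]
    return _match(split(pattern), split(path))

def parse_chains(text):
    """Parse 'pattern = chain' lines, preserving their order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            pattern, chain = (p.strip() for p in line.split("=", 1))
            rules.append((pattern, chain))
    return rules

def resolve(rules, path):
    """First match wins: return the first (pattern, chain) that matches path."""
    return next(((p, c) for p, c in rules if ant_match(p, path)), None)

def shadowed_rules(rules):
    """Heuristic: flag a rule when an earlier rule with a different chain
    already captures a representative path built from its pattern."""
    findings = []
    for i, (pattern, chain) in enumerate(rules):
        probe = pattern.replace("**", "x/y").replace("*", "x").replace("?", "x")
        winner = resolve(rules[:i], probe)
        if winner and winner[1] != chain:
            findings.append((pattern, chain, winner[0], winner[1]))
    return findings

# The two orderings from the message above.
GOOD = "/user/signup = anon\n/user/** = authc"
BAD = "/user/** = authc\n/user/signup = anon"

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        rules = parse_chains(text)
        print(name, resolve(rules, "/user/signup"), shadowed_rules(rules))
```

Running a check like this over a filterChainDefinitions value before deployment catches a narrow rule placed after a broader one, in either direction (an 'anon' exception that never fires, or an 'authc' rule hidden behind a broader 'anon').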
