Hello,

Here is my situation.  We have a pure client/server application written in
Java (not a web application) which uses our own basic custom implementation
of AuthorizingRealm.  We'll call our custom class OurCustomRealm.

OurCustomRealm extends AuthorizingRealm

We set up our security for our server applications with code like so:

    OurCustomRealm ourRealm = new OurCustomRealm(some, various, needed, services);

    RealmSecurityManager securityManager =
        (RealmSecurityManager) SecurityUtils.getSecurityManager();
    List<Realm> newRealms = new ArrayList<Realm>();
    Collection<Realm> realms = securityManager.getRealms();
    if (realms != null) {
      newRealms.addAll(realms);
    }
    newRealms.add(ourRealm);
    securityManager.setRealms(newRealms);

This all works fine, as we use this to perform our own checks against
a database or LDAP and have been using this fine for a year or so.

Later, in our server startup code we start an embedded Jetty server to
serve up some HTML and JSP pages, which works fine.

Now I am trying to secure some directories in our web application and I
want the web application to redirect to a login page for certain
directories and I want the username and password to be checked against my
already in-memory security manager's realms that are running in the server
app (which Jetty is embedded in).

We start up our Jetty server with code like this:

    Server server = new Server(HTTP_SERVER_PORT);

    final WebAppContext myContext = new WebAppContext();
    myContext.setDescriptor(myContext + "/WEB-INF/web.xml");
    myContext.setResourceBase(resourceDir + "/" + FileLocationsImpl.WEB_SERVER_FOLDER);
    myContext.setParentLoaderPriority(true);

    server.setHandler(myContext);
    server.start();


This starts the server fine and we have been able to access things no
problems.

Now that I want to secure a directory, I have tried adding this to my
web.xml file:


  <filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>
      org.apache.shiro.web.servlet.IniShiroFilter
    </filter-class>
    <init-param>
      <param-name>config</param-name>
      <param-value>
        [main]

        authc.loginUrl=../public/login.html

        [urls]
        /reports/finance= authc
        ../public/login.html = authc
      </param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>


This seems to work fine: any time I try to access
http://server/reports/finance, I am redirected to my login.html page.

This is my login.html page:
<html>
<head/>

<body>
<form action="" id="loginForm" method="post">
   Username: <input type="text" name="username"/> <br/>
   Password: <input type="password" name="password"/>
   <input type="submit" name="Login"/>
</form>
</body>
</html>

This always redirects to the login properly when I try to access
/reports/finance, but the login form itself does not seem to call my
in-memory AuthorizingRealm (it seems to do nothing but post back and reload)
and I cannot figure out exactly what I need to do (either via web.xml or
programmatically in my Jetty startup code) to make this work.


Essentially I want a shared authorizing realm between a Java standalone
server and its embedded Jetty server's web app.

I feel like I'm close, but can't quite get there.

What am I missing?

Thanks

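One way to build the Shiro filter in code around the realms the server has already registered, as an added example that is not part of the original post. It assumes the Shiro 1.x API and Jetty 8 or later (javax.servlet.DispatcherType); the class name SharedRealmShiroFilter, the install() helper and the context-relative login path /public/login.html are hypothetical.

```java
import java.util.Collection;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.filter.mgt.DefaultFilterChainManager;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.webapp.WebAppContext;

/** Hypothetical helper: a Shiro filter wired to the realms the server app already uses. */
public class SharedRealmShiroFilter extends AbstractShiroFilter {

  public SharedRealmShiroFilter(Collection<Realm> realms, String loginUrl) {
    if (realms == null || realms.isEmpty()) {
      // Fail at startup rather than run a login form that can never succeed.
      throw new IllegalStateException("no realms registered; add OurCustomRealm first");
    }
    // The servlet filter needs a WebSecurityManager; it reuses the same Realm instances.
    setSecurityManager(new DefaultWebSecurityManager(realms));

    DefaultFilterChainManager chains = new DefaultFilterChainManager();
    // "authc" is one of the default filters the chain manager registers.
    FormAuthenticationFilter authc =
        (FormAuthenticationFilter) chains.getFilters().get("authc");
    authc.setLoginUrl(loginUrl); // absolute path inside the web app (assumed location)
    // The form posts to its own URL (action=""), so the login page must pass
    // through authc for the POST to become a login attempt against the realms.
    chains.createChain(loginUrl, "authc");
    chains.createChain("/reports/finance", "authc");

    PathMatchingFilterChainResolver resolver = new PathMatchingFilterChainResolver();
    resolver.setFilterChainManager(chains);
    setFilterChainResolver(resolver);
  }

  /** Call before server.start(), in place of the IniShiroFilter entry in web.xml. */
  public static void install(WebAppContext context) {
    RealmSecurityManager appManager =
        (RealmSecurityManager) SecurityUtils.getSecurityManager();
    SharedRealmShiroFilter filter =
        new SharedRealmShiroFilter(appManager.getRealms(), "/public/login.html");
    context.addFilter(new FilterHolder(filter), "/*", EnumSet.of(DispatcherType.REQUEST));
  }
}
```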