Integrating shiro within spring 3.1 and jsf 2 on tomcat 7

Mon, 27 Aug 2012 05:04:11 -0700 

Hi,

i am desperately trying to get shiro running within my spring web
application for the last few days. I tried several things like using
my own realm extending AuthorizingRealm, using simple configuration in
a shiro.xml and even using shiro by configuring a shiro.ini, and of
course all mixed up. I got neither working.

So i am trying to start it over again, maybe one of you can help me.
This is my web.xml (leaving out the not so interesting parts):

        <context-param>
                <param-name>contextConfigLocation</param-name>
                <param-value>/WEB-INF/spring/root-context.xml</param-value>
        </context-param>
        <listener>
                
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <listener>
                
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
        </listener>

        <servlet>
                <servlet-name>appServlet</servlet-name>
                
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                <init-param>
                        <param-name>contextConfigLocation</param-name>
                        
<param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
                </init-param>
                <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
                <servlet-name>appServlet</servlet-name>
                <url-pattern>/</url-pattern>
        </servlet-mapping>

        <!-- enable apache shiro security -->
        <filter>
                <filter-name>shiroFilter</filter-name>
                
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                <init-param>
                        <param-name>targetFilterLifecycle</param-name>
                        <param-value>true</param-value>
                </init-param>
        </filter>

        <filter-mapping>
                <filter-name>shiroFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>


        <!-- Project Stage Level -->
        <context-param>
                <param-name>javax.faces.PROJECT_STAGE</param-name>
                <param-value>Development</param-value>
        </context-param>

        <servlet>
                <servlet-name>Faces Servlet</servlet-name>
                <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
                <load-on-startup>1</load-on-startup>
        </servlet>

        <!-- Mapping with servlet and url for the http requests. -->
        <servlet-mapping>
                <servlet-name>Faces Servlet</servlet-name>
                <url-pattern>*.xhtml</url-pattern>
        </servlet-mapping>

This is my shiro.xml:

<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
                <property name="securityManager" ref="securityManager" />
                <property name="loginUrl" value="/pages/auth/login.xhtml" />
                <property name="successUrl" value="/pages/tasks/tasks.xhtml" />

                <property name="filterChainDefinitions">
                        <value>
                                /pages/tasks/** = authc
                        </value>
                </property>
        </bean>

        <bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
                <property name="realm" ref="myIniRealm" />
                <property name="sessionMode" value="native" />
        </bean>
        <bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
        
        
        <bean id="myIniRealm" class="org.apache.shiro.realm.text.IniRealm">
                <constructor-arg value="classpath:shiro.ini" 
type="java.lang.String"/>
        </bean>

        <bean id="secureRemoteInvocationExecutor"
                
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
                <property name="securityManager" ref="securityManager" />
        </bean>

        <bean id="secureRemoteInvocationFactory"
                
class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory" />

And this my shiro.ini:
[main]

[users]
sveri = pw, admin

[roles]
admin = *
user = user:*

[urls]

My login.xhtml looks like this:
<ui:composition template="../template_plain.xhtml"
        xmlns="http://www.w3.org/1999/xhtml";
        xmlns:h="http://java.sun.com/jsf/html";
        xmlns:f="http://java.sun.com/jsf/core";
        xmlns:ui="http://java.sun.com/jsf/facelets";
        xmlns:p="http://primefaces.org/ui";>

        <ui:define name="content">

                <form name="loginform" action="" method="post">

                        Username: <input type="text" name="username" /><br /> 
Password: <input
                                type="password" name="password" /> <input 
type="checkbox"
                                name="rememberMe" value="true" />Remember 
Me?<br /> <input
                                type="submit" name="submit" value="Login" />
                </form>
        </ui:define>
</ui:composition>

That's it. Now if i go to a subpage of /pages/tasks/ i can see that
the url filter works and i get redirected to my login.xhtml. Entering
my credentials there and submitting them just returns me to the
login.xhtml w/o an error notice or anything alike.
I think that this is the most basic setup and i just cannot find what is wrong.

Any help would be appreciated.
Best regards,
Sven

Reply via email to