Thank you very much Jared, your hint was one step forward to my solution and i got it working now with a basic ini setup :-)
On Mon, Aug 27, 2012 at 2:12 PM, Jared Bunting <[email protected]> wrote: > In order for the authc filter to see (and process) the login request, > it has to be configured to intercept that page. This means that you > want to add something like this: > > /pages/auth/login.xhtml=authc > > to your filterChainDefinitions. Since the authc filter knows that this > is your login page, it won't block access to it, but it can't do > anything with the submission unless it gets an opportunity to see it. > > Hope that helps, > Jared > > On Mon 27 Aug 2012 07:03:36 AM CDT, Sven Richter wrote: >> Hi, >> >> i am desperately trying to get shiro running within my spring web >> application for the last few days. I tried several things like using >> my own realm extending AuthorizingRealm, using simple configuration in >> a shiro.xml and even using shiro by configuring a shiro.ini, and of >> course all mixed up. I got neither working. >> >> So i am trying to start it over again, maybe one of you can help me. >> This is my web.xml (leaving out the not so interesting parts): >> >> <context-param> >> <param-name>contextConfigLocation</param-name> >> <param-value>/WEB-INF/spring/root-context.xml</param-value> >> </context-param> >> <listener> >> >> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> >> </listener> >> >> <listener> >> >> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> >> </listener> >> >> <servlet> >> <servlet-name>appServlet</servlet-name> >> >> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> >> <init-param> >> <param-name>contextConfigLocation</param-name> >> >> <param-value>/WEB-INF/spring/app/servlet-context.xml</param-value> >> </init-param> >> <load-on-startup>1</load-on-startup> >> </servlet> >> <servlet-mapping> >> <servlet-name>appServlet</servlet-name> >> <url-pattern>/</url-pattern> >> </servlet-mapping> >> >> <!-- enable apache shiro security --> >> <filter> >> <filter-name>shiroFilter</filter-name> >> >> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >> <init-param> >> <param-name>targetFilterLifecycle</param-name> >> <param-value>true</param-value> >> </init-param> >> </filter> >> >> <filter-mapping> >> <filter-name>shiroFilter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> >> <!-- Project Stage Level --> >> <context-param> >> <param-name>javax.faces.PROJECT_STAGE</param-name> >> <param-value>Development</param-value> >> </context-param> >> >> <servlet> >> <servlet-name>Faces Servlet</servlet-name> >> <servlet-class>javax.faces.webapp.FacesServlet</servlet-class> >> <load-on-startup>1</load-on-startup> >> </servlet> >> >> <!-- Mapping with servlet and url for the http requests. --> >> <servlet-mapping> >> <servlet-name>Faces Servlet</servlet-name> >> <url-pattern>*.xhtml</url-pattern> >> </servlet-mapping> >> >> This is my shiro.xml: >> >> <bean id="shiroFilter" >> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> >> <property name="securityManager" ref="securityManager" /> >> <property name="loginUrl" value="/pages/auth/login.xhtml" /> >> <property name="successUrl" value="/pages/tasks/tasks.xhtml" /> >> >> <property name="filterChainDefinitions"> >> <value> >> /pages/tasks/** = authc >> </value> >> </property> >> </bean> >> >> <bean id="securityManager" >> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> >> <property name="realm" ref="myIniRealm" /> >> <property name="sessionMode" value="native" /> >> </bean> >> <bean id="lifecycleBeanPostProcessor" >> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> >> >> >> <bean id="myIniRealm" class="org.apache.shiro.realm.text.IniRealm"> >> <constructor-arg value="classpath:shiro.ini" >> type="java.lang.String"/> >> </bean> >> >> <bean id="secureRemoteInvocationExecutor" >> >> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor"> >> <property name="securityManager" ref="securityManager" /> >> </bean> >> >> <bean id="secureRemoteInvocationFactory" >> >> class="org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory" /> >> >> And this my shiro.ini: >> [main] >> >> [users] >> sveri = pw, admin >> >> [roles] >> admin = * >> user = user:* >> >> [urls] >> >> My login.xhtml looks like this: >> <ui:composition template="../template_plain.xhtml" >> xmlns="http://www.w3.org/1999/xhtml"; >> xmlns:h="http://java.sun.com/jsf/html"; >> xmlns:f="http://java.sun.com/jsf/core"; >> xmlns:ui="http://java.sun.com/jsf/facelets"; >> xmlns:p="http://primefaces.org/ui";> >> >> <ui:define name="content"> >> >> <form name="loginform" action="" method="post"> >> >> Username: <input type="text" name="username" /><br /> >> Password: <input >> type="password" name="password" /> <input >> type="checkbox" >> name="rememberMe" value="true" />Remember >> Me?<br /> <input >> type="submit" name="submit" value="Login" /> >> </form> >> </ui:define> >> </ui:composition> >> >> That's it. Now if i go to a subpage of /pages/tasks/ i can see that >> the url filter works and i get redirected to my login.xhtml. Entering >> my credentials there and submitting them just returns me to the >> login.xhtml w/o an error notice or anything alike. >> I think that this is the most basic setup and i just cannot find what is >> wrong. >> >> Any help would be appreciated. >> Best regards, >> Sven > >
