Sorry about the previous message, I forgot to add what I wanted to ask. Here is what I wanted to ask:

The second login attempt passes even though I specified AllSuccessfulStrategy, why?

If I comment out the first few lines for the first login attempt, the second login attempt fails:

2012-12-10 10:30:28,586 [main] INFO example.ShiroTest - My First Apache Shiro Application
2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - 2 realm size
2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - org.apache.shiro.authc.pam.ModularRealmAuthenticator@578088c0 realm authenticator
2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - org.apache.shiro.authc.pam.AllSuccessfulStrategy@5afec107 authentication strategy
2012-12-10 10:30:28,617 [main] DEBUG org.apache.shiro.session.mgt.AbstractValidatingSessionManager - No sessionValidationScheduler set. Attempting to create default instance.
2012-12-10 10:30:28,617 [main] INFO org.apache.shiro.session.mgt.AbstractValidatingSessionManager - Enabling session validation scheduler...
2012-12-10 10:30:28,617 [main] DEBUG org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
2012-12-10 10:30:28,648 [main] INFO example.ShiroTest - Retrieved the correct value! [aValue]
2012-12-10 10:30:28,648 [main] ERROR example.ShiroTest - authenticationexception;Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).

What does this mean?
Thanks again

On Mon, Dec 10, 2012 at 10:27 AM, ming hsieh <[email protected]> wrote:

> Hi Shiro
>
> I have written a small test program:
>
> public class ShiroTest {
>     private static final transient Logger log = LoggerFactory.getLogger(ShiroTest.class);
>
>     public static void main(String[] args) {
>         log.info("My First Apache Shiro Application");
>         SecurityManager securityManager = null;
>
>         securityManager = new DefaultSecurityManager(useTextRealm());
>         SecurityUtils.setSecurityManager(securityManager);
>         doLogin("admin", "admin");
>
>         List<Realm> realms = new ArrayList<Realm>();
>         realms.add(useTextRealm());
>         realms.add(useTextRealm2());
>         securityManager = new DefaultSecurityManager(realms);
>         SecurityUtils.setSecurityManager(securityManager);
>         RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
>         log.info("{} realm size", rsm.getRealms().size());
>         DefaultSecurityManager dsm = (DefaultSecurityManager) SecurityUtils.getSecurityManager();
>         dsm.setAuthenticator(new ModularRealmAuthenticator());
>         ModularRealmAuthenticator mra = (ModularRealmAuthenticator) dsm.getAuthenticator();
>         log.info("{} realm authenticator", dsm.getAuthenticator());
>         mra.setAuthenticationStrategy(new AllSuccessfulStrategy());
>         log.info("{} authentication strategy", mra.getAuthenticationStrategy());
>         doLogin("admin", "admin");
>
>     }
>
>     private static SimpleAccountRealm useTextRealm() {
>         SimpleAccountRealm simpleRealm = new SimpleAccountRealm();
>         simpleRealm.addAccount("admin", "admin");
>         return simpleRealm;
>     }
>
>     private static SimpleAccountRealm useTextRealm2() {
>         SimpleAccountRealm simpleRealm = new SimpleAccountRealm();
>         simpleRealm.addAccount("admin", "admin2");
>         return simpleRealm;
>     }
>
>     private static void doLogin(String username, String password) {
>
>         // get the currently executing user:
>         Subject currentUser = SecurityUtils.getSubject();
>
>         // Do some stuff with a Session (no need for a web or EJB container!!!)
>         Session session = currentUser.getSession();
>         session.setAttribute("someKey", "aValue");
>         String value = (String) session.getAttribute("someKey");
>         if (value.equals("aValue")) {
>             log.info("Retrieved the correct value! [" + value + "]");
>         }
>
>         // let's login the current user so we can check against roles and permissions:
>         if (!currentUser.isAuthenticated()) {
>             UsernamePasswordToken token = new UsernamePasswordToken(username, password);
>             try {
>                 currentUser.login(token);
>             } catch (UnknownAccountException uae) {
>                 log.info("There is no user with username of " + token.getPrincipal());
>                 return;
>             } catch (IncorrectCredentialsException ice) {
>                 log.info("Password for account " + token.getPrincipal() + " was incorrect!");
>                 return;
>             } catch (LockedAccountException lae) {
>                 log.info("The account for username " + token.getPrincipal() + " is locked. " +
>                         "Please contact your administrator to unlock it.");
>                 return;
>             } catch (AuthenticationException ae) {
>                 log.error("authenticationexception;" + ae.getMessage());
>                 return;
>             }
>         }
>
>         log.info("User [" + currentUser.getPrincipal() + "] logged in successfully.");
>         log.info("someattribute;" + session.getAttribute("someKey"));
>         log.info("is user authenticated;" + currentUser.isAuthenticated());
>
>         // all done - log out!
>         currentUser.logout();
>
>     }
>
> }
>
>
> I am a newbie to Shiro so please help me to understand, thanks in advance.
>
