Stupid Ctrl+Enter... Try:
On Mon 10 Dec 2012 12:04:29 PM CST, Jared Bunting wrote: > > I believe that this will behave as you expect if you remove the line: > > dsm.setAuthenticator(new ModularRealmAuthenticator()); > > The reason being that the security manager doesn't expect you to change > out the authenticator after adding realms. This is really just an > implementation detail of how the security manager is setup, but your > new authenticator has no realms. Try: If you try using a debugger to look at "mra", you will see that the "realms" field has an empty Collection (I believe). > > > On Sun 09 Dec 2012 08:32:17 PM CST, ming hsieh wrote: >> >> Sorry about the previous message, I forgot to add what I wanted to ask. >> Here is what I wanted to ask: >> The second login attempt passes even though I specified >> AllSuccessfulStrategy, why? >> If I commented out the first few lines for the first login attempt the >> second login attempt fails : >> 2012-12-10 10:30:28,586 [main] INFO example.ShiroTest - My First >> Apache Shiro Application >> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - 2 realm size >> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - >> org.apache.shiro.authc.pam.ModularRealmAuthenticator@578088c0 realm >> authenticator >> 2012-12-10 10:30:28,617 [main] INFO example.ShiroTest - >> org.apache.shiro.authc.pam.AllSuccessfulStrategy@5afec107 >> authentication strategy >> 2012-12-10 10:30:28,617 [main] DEBUG >> org.apache.shiro.session.mgt.AbstractValidatingSessionManager - No >> sessionValidationScheduler set. Attempting to create default instance. >> 2012-12-10 10:30:28,617 [main] INFO >> org.apache.shiro.session.mgt.AbstractValidatingSessionManager - >> Enabling session validation scheduler... >> 2012-12-10 10:30:28,617 [main] DEBUG >> org.apache.shiro.session.mgt.DefaultSessionManager - Creating new EIS >> record for new session instance >> [org.apache.shiro.session.mgt.SimpleSession,id=null] >> 2012-12-10 10:30:28,648 [main] INFO example.ShiroTest - Retrieved the >> correct value! [aValue] >> 2012-12-10 10:30:28,648 [main] ERROR example.ShiroTest - >> authenticationexception;Authentication failed for token submission >> [org.apache.shiro.authc.UsernamePasswordToken - admin, >> rememberMe=false]. Possible unexpected error? (Typical or expected >> login exceptions should extend from AuthenticationException). >> What does this mean? >> >> Thanks again >> >> >> >> >> On Mon, Dec 10, 2012 at 10:27 AM, ming hsieh <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Shiro >> >> I have a written a small test program: >> >> public class ShiroTest { >> private static final transient Logger log = >> LoggerFactory.getLogger(ShiroTest.class); >> >> public static void main(String[] args) { >> log.info <http://log.info>("My First Apache Shiro >> Application"); >> SecurityManager securityManager = null; >> >> securityManager = new DefaultSecurityManager(useTextRealm()); >> SecurityUtils.setSecurityManager(securityManager); >> doLogin("admin", "admin"); >> >> List<Realm> realms = new ArrayList<Realm>(); >> realms.add(useTextRealm()); >> realms.add(useTextRealm2()); >> securityManager = new DefaultSecurityManager(realms); >> SecurityUtils.setSecurityManager(securityManager); >> RealmSecurityManager rsm = (RealmSecurityManager) >> SecurityUtils.getSecurityManager(); >> log.info <http://log.info>("{} realm size", >> rsm.getRealms().size()); >> DefaultSecurityManager dsm = (DefaultSecurityManager) >> SecurityUtils.getSecurityManager(); >> dsm.setAuthenticator(new ModularRealmAuthenticator()); >> ModularRealmAuthenticator mra = >> (ModularRealmAuthenticator) dsm.getAuthenticator(); >> log.info <http://log.info>("{} realm authenticator", >> dsm.getAuthenticator()); >> mra.setAuthenticationStrategy(new AllSuccessfulStrategy()); >> log.info <http://log.info>("{} authentication strategy", >> mra.getAuthenticationStrategy()); >> doLogin("admin", "admin"); >> >> } >> >> private static SimpleAccountRealm useTextRealm() { >> SimpleAccountRealm simpleRealm = new SimpleAccountRealm(); >> simpleRealm.addAccount("admin", "admin"); >> return simpleRealm; >> } >> >> private static SimpleAccountRealm useTextRealm2() { >> SimpleAccountRealm simpleRealm = new SimpleAccountRealm(); >> simpleRealm.addAccount("admin", "admin2"); >> return simpleRealm; >> } >> >> private static void doLogin(String username, String password) { >> >> // get the currently executing user: >> Subject currentUser = SecurityUtils.getSubject(); >> >> // Do some stuff with a Session (no need for a web or EJB >> container!!!) >> Session session = currentUser.getSession(); >> session.setAttribute("someKey", "aValue"); >> String value = (String) session.getAttribute("someKey"); >> if (value.equals("aValue")) { >> log.info <http://log.info>("Retrieved the correct >> value! [" + value + "]"); >> } >> >> // let's login the current user so we can check against >> roles and permissions: >> if (!currentUser.isAuthenticated()) { >> UsernamePasswordToken token = new >> UsernamePasswordToken(username, password); >> try { >> currentUser.login(token); >> } catch (UnknownAccountException uae) { >> log.info <http://log.info>("There is no user with >> username of " + token.getPrincipal()); >> return; >> } catch (IncorrectCredentialsException ice) { >> log.info <http://log.info>("Password for account " >> + token.getPrincipal() + " was incorrect!"); >> return; >> } catch (LockedAccountException lae) { >> log.info <http://log.info>("The account for >> username " + token.getPrincipal() + " is locked. " + >> "Please contact your administrator to >> unlock it."); >> return; >> } catch (AuthenticationException ae) { >> log.error("authenticationexception;"+ae.getMessage()); >> return; >> } >> } >> >> log.info <http://log.info>("User [" + >> currentUser.getPrincipal() + "] logged in successfully."); >> log.info >> <http://log.info>("someattribute;"+session.getAttribute("someKey")); >> log.info <http://log.info>("is user >> authenticated;"+currentUser.isAuthenticated()); >> >> //all done - log out! >> currentUser.logout(); >> >> } >> >> } >> >> >> I am a newbie to Shiro so please help me to understand, thanks in >> advance. >> >> > > >
