for ease of reading, here is the complete shiro.ini: https://gist.github.com/dominicfarr/9637357
On 19 March 2014 08:40, Dominic Farr <[email protected]> wrote:
> shiro will do most of what you have written out of the box with a little
> configuration, rather than code.
>
> *firstly*, i think you can drop your dao class and put it into the
> shiro.ini
>
> [main]
>
> ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
> ds.serverName = localhost
> ds.user = user
> ds.password = password
> ds.databaseName = db_name
>
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.dataSource = $ds
> jdbcRealm.permissionsLookupEnabled = true
> jdbcRealm.authenticationQuery = "SELECT password FROM users WHERE user_name = ?"
> jdbcRealm.userRolesQuery = "SELECT role_name FROM user_roles WHERE user_name = ?"
> jdbcRealm.permissionsQuery = "SELECT permission FROM roles_permissions WHERE role_name = ?"
>
> *secondly*, use a PassThruAuthenticationFilter
> <http://shiro.apache.org/static/1.2.1/apidocs/org/apache/shiro/web/filter/authc/PassThruAuthenticationFilter.html>
> that will pass the credentials to your UsersRestService path. to
> do this you need to add this to your shiro.ini
>
> [main]
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
> authc.loginUrl = /login/
>
> [urls]
> /login/ = authc
>
> *thirdly*, simplify your UsersRestService class to perform the login via
> shiro.
>
> @POST
> @Path("/login/")
> @Consumes("application/json")
> public Response login(LoginRequest login) throws Exception {
>     try {
>         Subject currentUser = SecurityUtils.getSubject();
>         currentUser.login(new UsernamePasswordToken(login.getUsername(),
>                 login.getPassword(), login.getRememberMe()));
>         return Response.ok(true).build();
>     } catch (AuthenticationException e) {
>         return Response.status(Response.Status.UNAUTHORIZED).entity("Bad Credentials").build();
>     }
> }
>
> *lastly*, this isn't in any way RESTful, but that is another conversation.....
> On 19 March 2014 02:55, onelazyguy <[email protected]> wrote:
>
>> Thanks Dominic,
>> I have not tried your approach yet, but this is what I have:
>>
>> *shiro.ini*
>> ---------
>> [main]
>> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
>> jdbcRealm.permissionsLookupEnabled = true
>> ds = com.le.viet.db.HookShiroWithDB
>> jdbcRealm.dataSource=$ds
>> securityManager.realms = $jdbcRealm
>>
>> *UserTblDAO.java* (Class A)
>> -----------------------------------
>> public boolean isLoginSuccess(UserToJavaToJson loginUser){
>>     String username = loginUser.getUser();
>>     String password = loginUser.getPass();
>>
>>     Subject subject = userAuthentication(username, password);
>>
>>     if (subject != null && subject.isAuthenticated()) {
>>         logger.debug("successful login");
>>         return true;
>>     } else {
>>         logger.debug("Failed log in");
>>         return false;
>>     }
>> }
>>
>> public Subject userAuthentication(String username, String pass) {
>>     Subject currentUser = null;
>>     try {
>>         Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
>>         SecurityManager securityManager = factory.getInstance();
>>
>>         JdbcRealm realm = (JdbcRealm) ((IniSecurityManagerFactory) factory).getBeans().get("jdbcRealm");
>>
>>         realm.setAuthenticationQuery("SELECT password FROM user_tbl WHERE username=?");
>>         realm.setUserRolesQuery("SELECT role FROM user_tbl WHERE username=?");
>>         realm.setPermissionsQuery("SELECT permission FROM user_tbl WHERE username=?");
>>         realm.setPermissionsLookupEnabled(true);
>>
>>         SecurityUtils.setSecurityManager(securityManager);
>>
>>         currentUser = SecurityUtils.getSubject();
>>
>>         // this is where I created the session
>>         Session session = currentUser.getSession(true);
>>         session.setAttribute("currentUser", username);
>>         String currentUserValue = (String) session.getAttribute("currentUser");
>>
>>         if (currentUserValue.equals(username)) {
>>             logger.debug("current logged in user is: [" + currentUserValue + "]");
>>         }
>>
>>         if (!currentUser.isAuthenticated()) {
>>             UsernamePasswordToken token = new UsernamePasswordToken(username, pass);
>>             //token.setRememberMe(true);
>>             currentUser.login(token);
>>         }
>>
>>         Subject subject = SecurityUtils.getSubject();
>>         if (subject.hasRole("administrator")) {
>>             logger.debug("has role administrator");
>>         } else {
>>             logger.debug("has no role");
>>         }
>>     } catch (Exception e) {
>>         logger.debug("Authentication with shiro failed: \n" + e);
>>     }
>>     return currentUser;
>> }
>>
>> *UsersRestService.java* (Class B) this is my rest endpoint
>> ----------------------------------------------------------------
>> @POST
>> @Path("/login/{usernamnpassparam}")
>> @Consumes("application/json")
>> public boolean login(@Context HttpServletRequest req, String usernamnpassparam){
>>
>>     boolean isLoginSuccess = false;
>>     logger.debug("json object: " + usernamnpassparam);
>>
>>     ObjectMapper mapper = new ObjectMapper();
>>     mapper.setVisibility(JsonMethod.FIELD, Visibility.ANY);
>>     mapper.configure(DeserializationConfig.Feature.FAIL_ON_UNKNOWN_PROPERTIES, false);
>>
>>     UserToJavaToJson loginUser = null;
>>     try {
>>         loginUser = mapper.readValue(usernamnpassparam, UserToJavaToJson.class);
>>         logger.debug("login user: " + loginUser.getUser() + " pass: " + loginUser.getPass());
>>
>>         UserTblDAO userTblDAO = new UserTblDAO();
>>         isLoginSuccess = userTblDAO.isLoginSuccess(loginUser);
>>
>>         // retrieve user session such as username and role etc but currentUser is returning null
>>         // I am trying to get the session that I set from UserTblDAO.java class here
>>         HttpSession session = req.getSession();
>>         String currentUser = (String) session.getAttribute("currentUser");
>>
>>         logger.debug("LOGGED IN AS: " + currentUser);
>>     } catch (JsonParseException e) {
>>         e.printStackTrace();
>>     } catch (JsonMappingException e) {
>>         e.printStackTrace();
>>     } catch (IOException e) {
>>         e.printStackTrace();
>>     }
>>     return isLoginSuccess;
>> }
>>
>> flow of the above code:
>> 1. login restful service method calls isLoginSuccess method of
>> UserTblDAO.java from UsersRestService.java
>> 2. isLoginSuccess will then call userAuthentication, passing in username
>> and password.
>> 3. userAuthentication will do the authentication and create a session and
>> return it to login restful service method call
>> 4. from here, I test to see if I can print out the currentUser that was
>> created during session creation.
>> 5. currentUser always prints out as null
>>
>> I don't think I have my shiro.ini configured correctly.
>>
>> Can you help me out? I am very new to shiro as well as Jersey RESTful
>> api. I am learning as I go.
>> Thank you for your time!
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/How-to-get-the-user-session-using-apache-shiro-with-jersey-RESTful-tp7579771p7579776.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
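An added example, not Dominic's reply code nor the original poster's: the login resource from the reply, plus a second endpoint that reads the attribute back through the Subject's own session instead of a separately built SecurityManager. It assumes the ShiroFilter from shiro.ini is mapped in web.xml so a Subject is bound to every request, that a Jackson JSON provider is registered with Jersey, and that the LoginRequest bean (hypothetical) carries the three fields shown.

```java
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

@Path("/")
public class UsersRestService {
    // Hypothetical JSON bean; Jersey's JSON provider fills these from the request body.
    public static class LoginRequest {
        public String username;
        public String password;
        public boolean rememberMe;
    }

    @POST
    @Path("/login/")
    @Consumes("application/json")
    public Response login(LoginRequest login) {
        // The ShiroFilter already bound a Subject to this request. Building a
        // SecurityManager per call (as the DAO does) creates a native session that
        // the servlet container's HttpSession never sees, hence the null in the OP.
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token =
                new UsernamePasswordToken(login.username, login.password, login.rememberMe);
        try {
            currentUser.login(token);
        } catch (AuthenticationException e) {
            // One generic response for unknown user and wrong password alike.
            return Response.status(Response.Status.UNAUTHORIZED).entity("Bad Credentials").build();
        } finally {
            token.clear(); // drop the plaintext password from memory
        }
        // By default the web SecurityManager backs Shiro sessions with the HttpSession,
        // so an attribute set here is visible to req.getSession() in other resources too.
        Session session = currentUser.getSession(true);
        session.setAttribute("currentUser", currentUser.getPrincipal());
        return Response.ok().build();
    }

    @GET
    @Path("/me")
    public Response me() {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(false); // do not create one for anonymous callers
        if (!subject.isAuthenticated() || session == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        return Response.ok(String.valueOf(session.getAttribute("currentUser"))).build();
    }
}
```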
