I am using Spring mvc and Shiro as authentication solution, and register a
shiroFilter by creating a new implementation of WebApplicationInitializer as
below:
public class GoodXShiroFilterInitializer implements
WebApplicationInitializer {
@Override
public void onStartup(ServletContext servletContext) throws
ServletException {
// TODO Auto-generated method stub
Dynamic filter = servletContext.addFilter("shiroFilter",
DelegatingFilterProxy.class);
filter.setInitParameter("targetFilterLifeCycle", "true");
filter.addMappingForUrlPatterns(null, false, "/*");
}
}
and I create another security config to generate shiroFilter bean as below:
@Configuration
@ComponentScan({"com.goodx.services", "com.goodx.repository"})
public class GoodXWebSecurityConfig {
@Autowired
private DataSource dataSource;
@Autowired
private GoodXUserService goodXUserService;
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new
ShiroFilterFactoryBean();
Map<String, String> filterChainDefinitionMapping = new
HashMap<String,
String>();
filterChainDefinitionMapping.put("/login.jsp", "authc");
filterChainDefinitionMapping.put("/logout", "logout");
filterChainDefinitionMapping.put("/**", "anon");
shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMapping);
shiroFilter.setSecurityManager(securityManager());
//shiroFilter.setLoginUrl("/login.jsp");
Map<String, Filter> filters = new HashMap<>();
filters.put("anon", new AnonymousFilter());
AuthenticationFilter authenticationFilter = new
FormAuthenticationFilter();
authenticationFilter.setLoginUrl("/login.jsp");
authenticationFilter.setSuccessUrl("/home");
filters.put("authc", authenticationFilter);
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setRedirectUrl("/login?logout");
filters.put("logout", logoutFilter);
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilter.setFilters(filters);
return shiroFilter;
}
@Bean(name = "securityManager")
public DefaultWebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new
DefaultWebSecurityManager();
securityManager.setRealm(jdbcRealm());
return securityManager;
}
@Bean(name = "realm")
@DependsOn("lifecycleBeanPostProcessor")
public JdbcRealm jdbcRealm() {
JdbcRealm realm = new GoodXRealm(this.goodXUserService);
HashedCredentialsMatcher credentialsMatcher = new
HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
realm.setCredentialsMatcher(credentialsMatcher);
realm.setDataSource(dataSource);
realm.setUserRolesQuery("select role_name from goodx_user_roles
where
email = ?");
realm.setAuthenticationQuery("select password from goodx_users
where
username = ?");
realm.setPermissionsQuery("select permission from
goodx_roles_permissions
where rolename = ?");
realm.init();
return realm;
}
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
I hear that if configurate properly, shiro will automatically finish
authentication without writing any servlet involving therefore no controller
needed (please correct me if not right), so in my controller (only one
controller in my application) I do not mapping to request /login or
/login.jsp, etc.
below is my login.jsp:
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Main Login</title>
</head>
<body>
<%
Object message = request.getAttribute("message");
if (message != null)
out.println(message.toString());
%>
Login
<form name="loginform" action="" method="post">
E-Mail
<input type="text" name="username"/>
<br/>
Password
<input type="password" name="password"/>
<br/>
<input type="submit"/>
</form>
</body>
</html>
when I input http://localhost:8080/goodx/login.jsp, I get
HTTP Status 404 - /goodx/login.jsp
type Status report
message /goodx/login.jsp
description The requested resource is not available.
--------------------------------------------------------------------------------
Apache Tomcat/8.0.15
when I look into the source code, in onAccessDenied function of
FormAuthenticationFilter, because isLoginSubmission return false, all
filters is finished, but no login.jsp passed to response.
Please somebody help me out, and explain how the shiro to do authentication
in details.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/authentication-shiro-FormAuthenticationFilter-cannot-response-login-jsp-tp7580946.html
Sent from the Shiro User mailing list archive at Nabble.com.
