I seem to be experiencing an issue with a two-realm setup.
We have an LDAP Active Directory realm and a JDBC realm. The former we want
to use for authentication and the latter for authorization.
Here is the crux of the issue:
I have two separate classes, being called by two separate servlets. Later we
will merge this into one class and one servlet, but for now we are trying to
keep the two realms as separate as possible. Below are examples of them
(I am leaving out error logging for the sake of brevity). I am using
GlassFish 4, and if I restart the server and run the LDAP class, the LDAP
class will work great and the JDBC one won't: the JDBC class will say that
LDAP authentication failed. If I then restart the GlassFish server and run the
JDBC class first, it will work great each time, but LDAP will not be able to
find my user account. It seems that whichever one I run first, SecurityUtils
or some part of Shiro is remembering the first realm associated with it and
logging the user in against that one, regardless of what was set. So how do I
get it to properly utilize the correct realm?
LDAP Class:

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

public Boolean isAuthenticated(String Username, String Password) {
    // Build a SecurityManager from shiro2.ini and install it as the default.
    // SecurityUtils.setSecurityManager() writes a single static field shared
    // by the whole JVM, so this replaces any manager installed elsewhere.
    Factory<org.apache.shiro.mgt.SecurityManager> factory =
            new IniSecurityManagerFactory("classpath:shiro2.ini");
    org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    System.out.println(Username);
    // (the debug print of the password has been removed: never write credentials to a log)
    UsernamePasswordToken token = new UsernamePasswordToken(Username, Password);
    Subject currentUser = SecurityUtils.getSubject();
    Boolean b = false;
    // Attempt login
    try {
        currentUser.login(token);
        b = currentUser.isAuthenticated();
        currentUser.logout();
    } catch (Exception e) {
        // error logging omitted for brevity
    }
    return b;
}
JDBC Class:

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.sql.DataSource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.SimpleByteSource;

// As posted, the method body referred to Username and Password, which the
// signature getPer(String un, String Permission) does not declare; the
// password is taken as a parameter here so the login branch can compile.
public Boolean getPer(String un, String Password, String Permission) {
    System.setProperty("log4j.category.org.apache.shiro", "DEBUG");
    DataSource ds = null;
    try {
        Context ctx = new InitialContext();
        ds = (DataSource) ctx.lookup("jdbc/MyDataSource");
    } catch (Exception e) {
        // error logging omitted for brevity
    }
    Subject User = null;
    JdbcRealm realm = new JdbcRealm();
    realm.setDataSource(ds);
    realm.setAuthenticationQuery("My query");
    realm.setUserRolesQuery("My query");
    realm.setPermissionsQuery("My query");
    realm.setPermissionsLookupEnabled(true);
    DefaultHashService hashService = new DefaultHashService();
    hashService.setHashIterations(500000);
    hashService.setHashAlgorithmName("SHA-256");
    hashService.setGeneratePublicSalt(true);
    hashService.setPrivateSalt(new SimpleByteSource("MySalt"));
    PasswordMatcher passwordMatcher = new PasswordMatcher();
    DefaultPasswordService ps = new DefaultPasswordService();
    // The hash service was configured but never attached in the posted code;
    // without this line the matcher hashes with DefaultPasswordService's defaults.
    ps.setHashService(hashService);
    passwordMatcher.setPasswordService(ps);
    realm.setCredentialsMatcher(passwordMatcher);
    // Installs a new JVM-wide default SecurityManager containing only this realm.
    DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
    SecurityUtils.setSecurityManager(securityManager);
    // getAuthorizationCache() is null unless a CacheManager was configured, and a
    // subject that has not logged in yet has no principals; guard both before remove().
    Cache<Object, AuthorizationInfo> authzCache = realm.getAuthorizationCache();
    if (authzCache != null && SecurityUtils.getSubject().getPrincipals() != null) {
        authzCache.remove(SecurityUtils.getSubject().getPrincipals());
    }
    Boolean b = false;
    UsernamePasswordToken token = null;
    try {
        User = SecurityUtils.getSubject(); // never null: Shiro builds one if needed
        if (!User.isAuthenticated()) {
            token = new UsernamePasswordToken(un, Password);
            User.login(token);
        }
        try {
            if (User.isPermitted("Admin")) {
                b = true;
            } else {
                b = User.isPermitted(Permission);
            }
        } catch (Exception e) {
            // error logging omitted for brevity
        }
    } catch (Exception e) {
        // error logging omitted for brevity
    }
    return b;
}
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Two-Realm-Authentication-Issue-tp7581578.html
Sent from the Shiro User mailing list archive at Nabble.com.
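The following is an added example, not code from the post above or from the Shiro project, showing how a practitioner would wire the two realms described there. SecurityUtils.setSecurityManager() writes one static field for the whole JVM, and the Subject returned by SecurityUtils.getSubject() is bound to the calling thread, so two classes that each install their own single-realm SecurityManager on every call will always see whichever manager was installed last. The example instead builds one SecurityManager holding both realms, installed once: an ActiveDirectoryRealm subclass that returns no authorization data (so it only authenticates) and a JdbcRealm subclass whose supports() returns false (so ModularRealmAuthenticator skips it during login and it only authorizes). The LDAP URL, principal suffix, search base and table layout are assumptions; the two SQL strings are JdbcRealm's own default queries and should be adjusted to the real schema. The realm that the post configures through shiro2.ini is configured programmatically here so the example is self-contained.

```java
import java.util.Arrays;

import javax.sql.DataSource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

public final class TwoRealmSecurity {

    // AD realm that authenticates only. Returning null authorization info means
    // ModularRealmAuthorizer takes roles and permissions from the other realm.
    static final class AuthOnlyActiveDirectoryRealm extends ActiveDirectoryRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return null;
        }
    }

    // JDBC realm that authorizes only. ModularRealmAuthenticator skips any realm
    // whose supports() returns false, so no password is ever checked against the DB.
    // Its lookups fall back to the primary principal (the AD username) because the
    // JDBC realm contributed no principals of its own during login.
    static final class AuthzOnlyJdbcRealm extends JdbcRealm {
        @Override
        public boolean supports(AuthenticationToken token) {
            return false;
        }
    }

    private static boolean installed;

    // Build ONE SecurityManager containing both realms and install it exactly once
    // (for example from a ServletContextListener), instead of once per request.
    public static synchronized void installOnce(DataSource ds) {
        if (installed) {
            return;
        }

        AuthOnlyActiveDirectoryRealm ad = new AuthOnlyActiveDirectoryRealm();
        ad.setUrl("ldap://ad.example.com:389");   // assumption: your domain controller
        ad.setPrincipalSuffix("@example.com");    // assumption: UPN suffix appended to the username
        ad.setSearchBase("DC=example,DC=com");    // assumption
        ad.init();  // builds the LdapContextFactory; IniSecurityManagerFactory does this for ini-configured realms

        AuthzOnlyJdbcRealm jdbc = new AuthzOnlyJdbcRealm();
        jdbc.setDataSource(ds);  // e.g. the JNDI "jdbc/MyDataSource" lookup from the post
        // JdbcRealm's default queries; assumed tables user_roles(username, role_name)
        // and roles_permissions(role_name, permission). Adjust to the real schema.
        jdbc.setUserRolesQuery("select role_name from user_roles where username = ?");
        jdbc.setPermissionsQuery("select permission from roles_permissions where role_name = ?");
        jdbc.setPermissionsLookupEnabled(true);

        DefaultSecurityManager sm = new DefaultSecurityManager(Arrays.<Realm>asList(ad, jdbc));
        SecurityUtils.setSecurityManager(sm);  // the single JVM-wide default
        installed = true;
    }

    // Per-request use: authenticate against AD, then check a permission from the DB.
    // The Subject is bound to the calling thread, so always log out and clear the
    // binding in finally; a pooled container thread would otherwise hand the next
    // request a Subject that is still authenticated as the previous user.
    public static boolean loginAndCheck(String username, String password, String permission) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(username, password));       // AD realm
            return subject.isPermitted("Admin") || subject.isPermitted(permission);  // JDBC realm
        } catch (AuthenticationException e) {
            return false;  // bad credentials, or the account does not exist in AD
        } finally {
            subject.logout();
            ThreadContext.remove();
        }
    }
}
```

Usage: call TwoRealmSecurity.installOnce(ds) once at startup with the looked-up DataSource, then TwoRealmSecurity.loginAndCheck(user, pass, "report:view") from either servlet. Because the JDBC realm never sees the token, the PasswordMatcher and DefaultHashService from the post are not needed for this split; they only matter if the database is also meant to verify passwords.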