Hey folks!
While setting up a custom shiro-environment I came across a problem
outsourcing the realm initialization. Using environment variables the user
may choose a custom auth-method, such as LDAP, Database, etc.
Therefore, the corresponding shiro.ini does *not* set a specific realm
instance:
[main]
authc.loginUrl = /login
vaadin = org.vaadin.shiro.VaadinNavigationRolesAuthorizationFilter
vaadin.loginUrl = /login
authSetup = com.project.auth.AuthSetup
[urls]
/ = anon, vaadin
/login = anon, vaadin
/stations = authc, vaadin[admin]
/organizations = authc, vaadin[admin]
/station-types = authc, vaadin[admin]
/projects = authc, vaadin[admin]
However, as you can see, an instance of my class AuthSetup is initialized.
This class resolves the auth method the user wants and therefore
instantiates the custom realm. In my example, the Realm I use is a class
setting up a DefaultLdapRealm:
@Override
public Realm initRealm() {
JndiLdapContextFactory contextFactory = new
JndiLdapContextFactory();
contextFactory.setUrl(environmentResolver.getUrl());
contextFactory.setSystemUsername("cn=read-only-admin, dc=example,
dc=com");
contextFactory.setSystemPassword("admin");
DefaultLdapRealm realm = new DefaultLdapRealm();
realm.setUserDnTemplate(environmentResolver.getUserDnTemplate());
realm.setContextFactory(contextFactory);
return realm;
}
The data insertes by the environment-vars are the LDAP-URL
(ldap://ldap.forumsys.com:389) and the user DN-Template
(uid={0},dc=example,dc=com). All of these data are read out correctly as I
can tell from the debug messages I am printing to my logs.
Finally, the realm created in the given method, is passed using this method
called by initializing my AuthSetup:
private void processAuthMethod(AuthMethodChoice authMethodChoice) {
AuthMethodFactory authMethodFactory = new AuthMethodFactory();
AuthMethod authMethod =
authMethodFactory.getAuthMethod(authMethodChoice);
initAuthEnvironmentResolver(authMethod);
Realm realm = authMethod.initRealm();
SecurityManager securityManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);
System.out.println(format("Auth SecurityManager instance initialized
with custom Realm %s.", realm.getClass().getSimpleName()));
}
As you can tell by the last lines of code in this method, I try to pass in
the loaded Realm using a DefaultSecurityManager. Also, the success message
gets printed successfully ("Auth SecurityManager instance initialized with
custom Realm DefaultLdapRealm."). Moreover, the DefaultSecurityManager seems
to be set correctly using the method, as SecurityUtils.getSecurityManager()
returns an DefaultSecurityManager instance again.
--------------------------------------
So far so good. The problem occurs when logging in using the default shiro
login()-Method. Whenever logging in, the following exception comes up:
WARN org.apache.shiro.authc.AbstractAuthenticator - Authentication failed
for token submission [org.apache.shiro.authc.UsernamePasswordToken -
ExampleUser, rememberMe=false]. Possible unexpected error? (Typical or
expected login exceptions should extend from AuthenticationException).
java.lang.IllegalStateException: Configuration error: No realms have been
configured! One or more realms must be present to execute an authentication
attempt.
Can anybody explain why no realm seems to be set although everything
descripted above gets executed correctly? Also, I am willing to provide more
information regarding my background system when needed.
I am thankful for every advice you can give.
--
Sent from: http://shiro-user.582556.n2.nabble.com/
