Shiro's Servlet Filter has a SecurityManager instance, which is configured
from your INI file. Shiro also supports a "static" security manager for
dealing with requests in your application that are NOT bound to a request
thread (queues, thread pools, scheduled tasks, etc).  Setting the "static"
security manager does NOT affect web requests.

My guess is you can simplify this configuration by just interpolating the
INI configuration (filtering in env vars and system properties)
https://stormpath.com/blog/string-interpolation-apache-shiro



On Wed, Apr 21, 2021 at 10:07 AM Schloool <[email protected]> wrote:

> Hey folks!
> While setting up a custom shiro-environment I came across a problem
> outsourcing the realm initialization. Using environment variables the user
> may choose a custom auth-method, such as LDAP, Database, etc.
> Therefore, the corresponding shiro.ini does *not* set a specific realm
> instance:
>
>
> [main]
> authc.loginUrl = /login
> vaadin = org.vaadin.shiro.VaadinNavigationRolesAuthorizationFilter
> vaadin.loginUrl = /login
> authSetup = com.project.auth.AuthSetup
>
> [urls]
> / = anon, vaadin
> /login = anon, vaadin
> /stations = authc, vaadin[admin]
> /organizations = authc, vaadin[admin]
> /station-types = authc, vaadin[admin]
> /projects = authc, vaadin[admin]
>
>
> However, as you can see, an instance of my class AuthSetup is initialized.
> This class resolves the auth method the user wants and therefore
> instantiates the custom realm. In my example, the Realm I use is a class
> setting up a DefaultLdapRealm:
>
>
>     @Override
>     public Realm initRealm() {
>         JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
>
>         contextFactory.setUrl(environmentResolver.getUrl());
>         contextFactory.setSystemUsername("cn=read-only-admin, dc=example, dc=com");
>         contextFactory.setSystemPassword("admin");
>
>         DefaultLdapRealm realm = new DefaultLdapRealm();
>         realm.setUserDnTemplate(environmentResolver.getUserDnTemplate());
>         realm.setContextFactory(contextFactory);
>         return realm;
>     }
>
>
> The data inserted by the environment-vars are the LDAP-URL
> (ldap://ldap.forumsys.com:389) and the user DN-Template
> (uid={0},dc=example,dc=com). All of these data are read out correctly as I
> can tell from the debug messages I am printing to my logs.
> Finally, the realm created in the given method, is passed using this method
> called by initializing my AuthSetup:
>
>
>     private void processAuthMethod(AuthMethodChoice authMethodChoice) {
>         AuthMethodFactory authMethodFactory = new AuthMethodFactory();
>
>         AuthMethod authMethod = authMethodFactory.getAuthMethod(authMethodChoice);
>         initAuthEnvironmentResolver(authMethod);
>
>         Realm realm = authMethod.initRealm();
>         SecurityManager securityManager = new DefaultSecurityManager(realm);
>         SecurityUtils.setSecurityManager(securityManager);
>         System.out.println(format("Auth SecurityManager instance initialized with custom Realm %s.", realm.getClass().getSimpleName()));
>     }
>
>
> As you can tell by the last lines of code in this method, I try to pass in
> the loaded Realm using a DefaultSecurityManager. Also, the success message
> gets printed successfully ("Auth SecurityManager instance initialized with
> custom Realm DefaultLdapRealm."). Moreover, the DefaultSecurityManager
> seems to be set correctly using the method, as
> SecurityUtils.getSecurityManager() returns a DefaultSecurityManager
> instance again.
> --------------------------------------
>
> So far so good. The problem occurs when logging in using the default shiro
> login()-Method. Whenever logging in, the following exception comes up:
>
>
> WARN org.apache.shiro.authc.AbstractAuthenticator - Authentication failed
> for token submission [org.apache.shiro.authc.UsernamePasswordToken -
> ExampleUser, rememberMe=false].  Possible unexpected error? (Typical or
> expected login exceptions should extend from AuthenticationException).
> java.lang.IllegalStateException: Configuration error:  No realms have been
> configured!  One or more realms must be present to execute an
> authentication attempt.
>
>
> Can anybody explain why no realm seems to be set although everything
> described above gets executed correctly? Also, I am willing to provide
> more information regarding my background system when needed.
> I am thankful for every advice you can give.
>
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
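
The interpolation approach suggested in the reply, sketched for the LDAP case only. This is an added example, not configuration posted by anyone in the thread. It assumes Shiro 1.4 or later with commons-configuration2 on the classpath, and the environment variable names are hypothetical.

```ini
[main]
authc.loginUrl = /login
vaadin = org.vaadin.shiro.VaadinNavigationRolesAuthorizationFilter
vaadin.loginUrl = /login

# LDAP connection settings are read from the environment when the INI is
# loaded. The variable names are assumptions chosen for this example.
# Reading the bind account and password from the environment also keeps
# them out of the source code.
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ${LDAP_URL}
contextFactory.systemUsername = ${LDAP_SYSTEM_USERNAME}
contextFactory.systemPassword = ${LDAP_SYSTEM_PASSWORD}

ldapRealm = org.apache.shiro.realm.ldap.DefaultLdapRealm
ldapRealm.userDnTemplate = ${LDAP_USER_DN_TEMPLATE}
ldapRealm.contextFactory = $contextFactory

# The realm is attached to the SecurityManager that the Shiro servlet
# filter builds from this file, which is the one web requests use.
securityManager.realms = $ldapRealm

[urls]
/ = anon, vaadin
/login = anon, vaadin
/stations = authc, vaadin[admin]
/organizations = authc, vaadin[admin]
/station-types = authc, vaadin[admin]
/projects = authc, vaadin[admin]
```

With the values from the original post, LDAP_URL would be ldap://ldap.forumsys.com:389 and LDAP_USER_DN_TEMPLATE would be uid={0},dc=example,dc=com.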
