Anything in your logs? What happens when the user isn't able to login? Are they redirected back to the login page?
Is your browser rejecting the cookie? (or is it sent back the the server on the next request?) On Wed, May 19, 2021 at 12:04 PM alina.frey <[email protected]> wrote: > I will try to replace Shiro with intermediary versions between 1.2.3 and , > and will get back to you with results. > > Meanwhile, here is what I have in the shiro.ini file. > > > > > # ======================= > # Shiro INI configuration > # ======================= > > [main] > > # authorization paths > shiro.loginUrl = /<app_name>_main.html > > #Sha256 encryption > credentialsMatcher = > org.apache.shiro.authc.credential.Sha256CredentialsMatcher > credentialsMatcher.storedCredentialsHexEncoded = false > credentialsMatcher.hashIterations = 1024 > > # Oracle DataSource JNDI Remote Connection (Production) > ds = org.apache.shiro.jndi.JndiObjectFactory > ds.requiredType = javax.sql.DataSource > ds.resourceName = jdbc/dbConnectionDS > > # JDBC Realm Setup > jdbcRealm = <path_to_app>.server.auth.CustomJdbcRealm > > jdbcRealm.permissionsLookupEnabled = true > jdbcRealm.dataSource = $ds > jdbcRealm.credentialsMatcher = $credentialsMatcher > > ### SQL Queries, Modified and System Default > # User Query > jdbcRealm.authenticationQuery = SELECT password, salt FROM <users_table> > WHERE user_id = ? > > # User Roles > jdbcRealm.userRolesQuery = SELECT lab_id FROM <users_table> WHERE user_id = > ? > > # User Permissions > jdbcRealm.permissionsLookupEnabled = false > > # Set Security Manager Properties > cookie = org.apache.shiro.web.servlet.SimpleCookie > cookie.name = <session_name>.session > cookie.path = /; > #sessionValidationScheduler = > org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler > #sessionValidationScheduler.interval = 180000 > sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > sessionManager.sessionDAO = $sessionDAO > sessionManager.sessionIdCookie = $cookie > # Session timeout in msec...currently 15 mins > sessionManager.globalSessionTimeout = 900000 > #sessionManager.sessionValidationScheduler = $sessionValidationScheduler > securityManager = <path_to_app>.server.auth.UniquePrincipalSecurityManager > securityManager.sessionManager = $sessionManager > cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager > securityManager.cacheManager = $cacheManager > securityManager.realms = $jdbcRealm > > [users] > > > [roles] > > > [urls] > > /<app_name>_main.html = authc > /logout = logout > /<app_name>/FileUploadServlet = authc > /<app_name>/FileDownloadServlet = authc > /<app_name>/UserUnloadServlet = authc > /<app_name>/soa_service = authc > /<app_name>/data_update = authc > /<app_name>/data_view = authc > /<app_name>/load_lists = authc > /<app_name>/error_services = authc > /<app_name>/query_db = authc > > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/ >
