1. Anything in your logs?

If you are referring to Shiro logs, I don't know where they are recorded.
If you are referring to logs captured by my application, I do not see any of
the errors that would be thrown by the supporting code below.

2. What happens when the user isn't able to login? Are they redirected back
to the login page?

Yes. A relevant message is displayed in a pop up, and then the same login
page is displayed.

3. Is your browser rejecting the cookie? (or is it sent back to the server
on the next request?)

Where do I need to look to see this? Where do I see the requests that are
being sent? In the Console or Network tabs of the browser's Developer Tools?

Here is the supporting code for logging in with Shiro:

    public UserLoginBean tryLogin(String username, String password) throws Exception {
        // check for null username or password
        ... // return null;

        // get the login bean based on the user id
        UserLoginBean loginBean = getUserRecord(username);

        // check for user does not exist
        if () {
            ... // return null;
        }
        // check for password must have been reset to plain text
        else if () {
            ...
        }
        // password is encrypted so verify user login
        else {
            try {
                // get the currently executing user and create token
                Subject newUser = SecurityUtils.getSubject();
                if (newUser != null) {
                    logger.debug("SessionID prior to logging in: " + newUser.getSession().getId());
                    ...
                    // The username and password authentication token. Set rememberMe to false
                    UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray(), false);
                    newUser.login(token);
                    ...
                    logger.debug("SessionID after to logging in: " + newUser.getSession().getId());
                    logger.debug("Is user authenticated? " + newUser.isAuthenticated());
                }
                ...
                // successful login
                logger.info("!!!!!!! Successful login !!!!!!! ");
                return loginBean;
            } catch (UnknownAccountException e) {
                logger.error("LOGIN ERROR: No Such User Exists");
                throw new InvalidLoginException();
            } catch (IncorrectCredentialsException e) {
                logger.error("LOGIN ERROR: Invalid Password");
                throw new InvalidLoginException();
            } catch (LockedAccountException e) {
                logger.error("LOGIN ERROR: Locked Account");
                throw new AccountLockedException();
            } catch (AlreadyAuthenticatedException e) {
                logger.error("LOGIN ERROR: User Already Logged In");
                throw new AlreadyLoggedInException();
            } catch (SessionNotAvailableException e) {
                logger.error("LOGIN ERROR: Another user logged in using current browser");
                throw new BrowserSessionTakenException();
            } catch (Exception e) {
                logger.error(e.getMessage());
                logger.error("LOGIN ERROR: General Unspecific Login Failure");
                return null;
            }
        }
    }

--
Sent from: http://shiro-user.582556.n2.nabble.com/