1
我正在爲我的Web應用程序使用Apache Shiro,並且遇到麻煩讓它按預期工作。Apache Shiro +身份驗證問題
我需要的是Shiro框架的授權部分,但我不能遵循任何這些指南,因爲它們都是不同的,我只是不能讓它在我的應用程序中工作。
這裏是我想用四郎框架是什麼:
- 定義現有的login.jsp作爲我的登錄頁
- 定義時,登錄嘗試時顯示的* .JSP頁面全成
- 當登錄沒有全成,用戶停留在login.jsp的但顯示的錯誤消息對他失敗的登錄嘗試
- 所有其他* .jsp頁面exect的login.jsp不應該容易當用戶未登錄
現在我的應用程序是這樣:
- 登錄表單
action參數卡列斯login.java(servlet的) - 上全成登錄 - >頁面portal.jsp顯示
- 的page .../portal.jsp可以在不登錄的情況下調用 - >這在我的應用程序的最終版本中不應該是可能的
以下是我想到的東西遠:
shiro.ini:我的web.xml的
[main]
# define login page
authc.loginUrl = /SSP/login.jsp
# name of request parameter with username;
authc.usernameParam = username
# name of request parameter with password;
authc.passwordParam = password
# redirect after successful login
authc.successUrl = /SSP/portal.jsp
[urls]
# enable authc filter for all application pages
/SSP/**=authc
四郎部分看起來是這樣的:我的pom.xml的
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
四郎部分:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.4</version>
</dependency>
我得到的錯誤:
java.lang.IllegalArgumentException: Configuration error.
Specified object [authc] with property [loginUrl] without first defining that object's class.
Please first specify the class property first, e.g. myObject = fully_qualified_class_name and then define additional properties.
編輯:
看來這行shiro.ini的伎倆:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
但現在我有問題,該應用程序不使用我自己的登錄類
login.java:
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String url = "/login.jsp";
// Get Login credentials from Login form
username = request.getParameter("username");
password = request.getParameter("password");
//SecurityManager securityManager = Startup.getSecurityManager();
//2. Get the current Subject:
Subject currentUser = SecurityUtils.getSubject();
//3. Login:
if (!currentUser.isAuthenticated()) {
// create UsernamePasswordToken
UsernamePasswordToken token = new UsernamePasswordToken("cn=" + username + ",ou=People,dc=maxcrc,dc=com", password);
try {
currentUser.login(token);
token.clear();
url = "/portal.jsp";
System.out.println("User [" + currentUser.getPrincipal() +"] logged succesfully");
//4. Create User Session
Session session = currentUser.getSession();
// get user_id
user_id = get_users_id(username);
// create new object of User class
User new_user = new User(user_id, username);
// Set HTTP Session Parameters
session.setAttribute("user", username);
session.setAttribute("user_id", user_id);
session.setAttribute("obj_user", new_user);
session.setAttribute("currentUser", currentUser);
} catch (UnknownAccountException uae) {
System.out.println("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
System.out.println("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
System.out.println("The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.");
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
System.out.println("ERROR: " + ae);
}
// Done, redirect User to applications main page
request.getRequestDispatcher(url).forward(request, response);
}
}
如何我可以使用我自己的類(請參閱上面的login.java片段)進行身份驗證嗎?
編輯結束
任何人都可以提供如何的例子:
- 啓用授權
- 能夠成功登錄嘗試後網頁重定向
- 啓用停留在登錄頁面,但顯示登錄嘗試失敗後的錯誤消息
- 使所有其他頁面o f僅如果用戶登錄