Hi,
I'm new in Apache Shiro. My aim to secure application using Shiro with
jdbcRealm. Following SHIRO.INI file I have created :
[main]
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
# datasource
ds = oracle.jdbc.pool.OracleConnectionPoolDataSource
ds.URL = jdbc:oracle:thin:@localhost:1521:WBORCLSTDONE
ds.user = wisebankdblive24112013
ds.password = issac123
jdbcRealm.dataSource = $ds
jdbcRealm.authenticationQuery = "SELECT password FROM WB_NETB_USER_MASTER
WHERE loginid = ?"
# definition of matcher matching hashes instead of passwords
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName=SHA-256
# enabling matcher in iniRealm (object responsible for authentication)
jdbcRealm.credentialsMatcher = $sha256Matcher
[users]
[roles]
[urls]
# enable authc filter for all application pages
/InternetBanking_v1/**=authc
I have written RESTful service to authenticate user as below :
@POST
@Path("/auth/userlogin/")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public UserLogin userLogin(UserLogin login) {
User usr = new User();
/*
* ------ Check Login Credential
*/
UserLogin loggedInUser = new UserLogin();
try{
//1. Loading the INI configuration
IniSecurityManagerFactory factory = new
IniSecurityManagerFactory("shiro.ini");
//2. Creating the SecurityManager
RealmSecurityManager realmSecurityManager =
(RealmSecurityManager) factory.getInstance();
//3. Making it accessible
SecurityUtils.setSecurityManager((org.apache.shiro.mgt.SecurityManager)
realmSecurityManager);
//4. Creating Token
UsernamePasswordToken token = new
UsernamePasswordToken(login.getLoginid(), login.getPassword());
//5. Obtaining the current Subject:
Subject currentUser = SecurityUtils.getSubject();
try {
//6. Login:
currentUser.login(token);
//7. Checking Authenticated
if(currentUser.isAuthenticated()){
System.out.println("Successful Login ----- !!");
}
}
catch (UnknownAccountException uae ) {
uae.getMessage();
return null;
} catch (IncorrectCredentialsException ice ) {
ice.getMessage();
return null;
} catch (LockedAccountException lae ) {
lae.getMessage();
return null;
} catch(AuthenticationException aex){
aex.getMessage();
return null;
}
catch (Exception ex) {
ex.getMessage();
System.out.println("Incorrect username/password!");
return null;
}
}catch(Exception e1){
e1.printStackTrace();
}
return loggedInUser;
}
Here TWO Problems arise :
1. During running this code it generates ERROR as follows -
10:33:41,308 ERROR [org.apache.shiro.realm.jdbc.JdbcRealm]
(http-localhost-127.0.0.1-8443-3) There was a SQL error while authenticating
user [11112222]:
java.sql.SQLException: Invalid column index
at
oracle.jdbc.driver.OraclePreparedStatement.setStringInternal(OraclePreparedStatement.java:5303)
[ojdbc6.jar:11.2.0.2.0]
at
oracle.jdbc.driver.OraclePreparedStatement.setString(OraclePreparedStatement.java:5291)
[ojdbc6.jar:11.2.0.2.0]
at
oracle.jdbc.driver.OraclePreparedStatementWrapper.setString(OraclePreparedStatementWrapper.java:278)
[ojdbc6.jar:11.2.0.2.0]
at
org.apache.shiro.realm.jdbc.JdbcRealm.getPasswordForUser(JdbcRealm.java:281)
[shiro-core-1.2.3.jar:1.2.3]
at
org.apache.shiro.realm.jdbc.JdbcRealm.doGetAuthenticationInfo(JdbcRealm.java:221)
[shiro-core-1.2.3.jar:1.2.3]
2) I want to return the entity UserLogin to the caller method after
successful authentication - How can I do that ?
Please anybody answer these problems. What I am doing wrong !
Regards,
Jayanta P.
--
View this message in context:
http://shiro-developer.582600.n2.nabble.com/Error-Occurs-During-Login-with-Apache-Shiro-tp7578423.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
