Hi,
Is there an example demonstrating securing a web application hosted in Pax
Web/Karaf using Apache Shiro?
(I use Pax Wicket, but I presume this applies to any Pax Web app?)
Should I use shiro-core or shiro-web ?
Shiro Karaf feature is available
at mvn:org.apache.shiro/shiro-features/1.2.1/xml/features so installing it
is easy, but I am confused how to use it..
i tried something like :
private transient Logger log = LoggerFactory.getLogger(LoginPage.class);
private final LoginFormModel loginFormModel = new LoginFormModel();
private transient final Subject currentUser;
public LoginPage() {
super();
Ini ini = new Ini();
ini.load(LoginPage.class.getResourceAsStream("default.realm.ini"));
IniRealm defaultRealm = new IniRealm(ini);
SecurityUtils.setSecurityManager(new DefaultWebSecurityManager(
defaultRealm));
currentUser = SecurityUtils.getSubject();
add(new Label("currentUser", String.valueOf(currentUser.getPrincipal())));
final Form<LoginFormModel> loginForm = new
Form<LoginFormModel>("loginForm", new
Model<LoginFormModel>(loginFormModel));
add(loginForm);
loginForm.add(new TextField<String>("username", new
PropertyModel<String>(loginFormModel , "username")));
loginForm.add(new PasswordTextField("password", new
PropertyModel<String>(loginFormModel , "password")));
loginForm.add(new CheckBox("rememberMe", new
PropertyModel<Boolean>(loginFormModel, "rememberMe")));
loginForm.add(new AjaxButton("login") {
@Override
protected void onSubmit(AjaxRequestTarget target, Form<?> form) {
log.info("Processing {}", loginFormModel);
target.add(feedbackPanel);
currentUser.login(new UsernamePasswordToken(loginFormModel
.getUsername(), loginFormModel.getPassword()
.toCharArray()));
super.onSubmit(target, form);
}
@Override
protected void onError(AjaxRequestTarget target, Form<?> form) {
target.add(feedbackPanel);
super.onError(target, form);
}
});
}
But got:
Unexpected RuntimeException
Last cause: SessionContext must be an HTTP compatible implementation.
WicketMessage: Method onRequest of interface
org.apache.wicket.behavior.IBehaviorListener targeted at
org.apache.wicket.ajax.markup.html.form.AjaxButton$1 {event='onclick'}
on component [ [Component id = login]] threw an exception
Stacktrace
Root cause:
java.lang.IllegalArgumentException: SessionContext must be an HTTP
compatible implementation.
at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:103)
at
org.apache.shiro.web.session.mgt.ServletContainerSessionManager.start(ServletContainerSessionManager.java:64)
at
org.apache.shiro.mgt.SessionsSecurityManager.start(SessionsSecurityManager.java:121)
at
org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:336)
at
org.apache.shiro.subject.support.DelegatingSubject.getSession(DelegatingSubject.java:312)
at
org.apache.shiro.mgt.DefaultSubjectDAO.mergePrincipals(DefaultSubjectDAO.java:182)
at
org.apache.shiro.mgt.DefaultSubjectDAO.saveToSession(DefaultSubjectDAO.java:163)
at org.apache.shiro.mgt.DefaultSubjectDAO.save(DefaultSubjectDAO.java:144)
at
org.apache.shiro.mgt.DefaultSecurityManager.save(DefaultSecurityManager.java:383)
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350)
at
org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:183)
at
org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:283)
at
org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
at org.soluvas.web.login.LoginPage$1.onSubmit(LoginPage.java:56)
--
Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on
LinkedIn<http://id.linkedin.com/in/hendyirawan>
Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator
Bisnis | Bandung
_______________________________________________
general mailing list
general@lists.ops4j.org
http://lists.ops4j.org/mailman/listinfo/general
