I did it, this does not solve my error:
Here is my filter definition
Tcharlie wrote:
>
> <filter>
> <filter-name>JSecurityFilter</filter-name>
>
> <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
> <init-param>
> <param-name>config</param-name>
> <param-value>
> [main]
> securityManager = org.jsecurity.web.WebRememberMeManager
> realmA = realm.XaKiRealm
>
> [filters]
> authc = org.jsecurity.web.filter.authc.PassThruAuthenticationFilter
> authc.successUrl = /jsp/logon.jsp
> authc.loginUrl = /jsp/logon.jsp
> roles.unauthorizedUrl = /jsp/accessdenied.html
>
> [urls]
> /jsp/cardmgmt.jsp = authc, perms[urls:/jsp/cardmgmt.*:access]
> /jsp/newscorner.html = authc, perms[urls:/jsp/newscorner.html:access]
> /jsp/changepwd.jsp = authc, perms[urls:/jsp/changepwd.*:access]
> </param-value>
> </init-param>
> </filter>
>
My first jsp:
Tcharlie wrote:
>
> <ul>
> <li> logon.jsp The Logon/Logoff page </li>
> <li> changepwd.jsp The Change Password page </li>
> <li> cardmgmt The Card Management page </li>
> <li> newscorner.html Employee News Corner </li>
> </ul>
>
My realm:
Tcharlie wrote:
>
> public class XaKiRealm extends AuthorizingRealm {
> @Override
> protected AuthorizationInfo doGetAuthorizationInfo(
> PrincipalCollection principals) {
>
> if (principals == null) {
> throw new AuthorizationException("Les attributs utilisateurs ne doit pas être vide.");
> }
> SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
> try {
> info.setStringPermissions(PermissionResolver.resolvePermissions((Group) principals.asList().get(2)));
> } catch (NamingException e) {
> e.printStackTrace();
> }
> return info;
> }
>
> @Override
> protected AuthenticationInfo doGetAuthenticationInfo(
> AuthenticationToken arg0) throws
> AuthenticationException {
> UserPasswordMandatorAuthenticator auth = new
> UserPasswordMandatorAuthenticator();
> try {
> AuthenticationReply r = auth.authenticate((UsernamePasswordMandatorToken) arg0);
> return r;
> } catch (UnsupportedCredentialException e) {
> throw new UnsupportedTokenException(e.getMessage());
> } catch (AccessTimeException e) {
> throw new ExcessiveAttemptsException(e.getMessage());
> } catch (LockedByAdminException e) {
> throw new LockedAccountException(e.getMessage());
> } catch (LockedExpiredPasswordException e) {
> throw new ExpiredCredentialsException(e.getMessage());
> } catch (LockedInvalidPasswordException e) {
> throw new IncorrectCredentialsException(e.getMessage());
> } catch (net.atos.xa.rm.AuthenticationException e) {
> throw new AuthenticationException(e.getMessage());
> } catch (NamingException e) {
> throw new ConcurrentAccessException(e.getMessage());
> } catch (UserNameValidationException e) {
> throw new UnknownAccountException(e.getMessage());
> }
> }
>
> @Override
> public final boolean supports(final AuthenticationToken token) {
> boolean supported = false;
> if (token.getClass().equals(UsernamePasswordMandatorToken.class)) {
> supported = true;
> }
> return supported;
> }
> }
>
and finally my token:
Tcharlie wrote:
>
>
> public class UsernamePasswordMandatorToken implements
> InetAuthenticationToken,
> RememberMeAuthenticationToken {
>
> private static final long serialVersionUID = 1L;
>
> // default constructor
> public UsernamePasswordMandatorToken() {
> rememberMe = false;
> }
>
> // constructors with arguments
> public UsernamePasswordMandatorToken(String username, char password[],
> String mandator) {
> this(username, password, mandator, false, null);
> }
>
> public UsernamePasswordMandatorToken(String username, String password,
> String mandator) {
> this(username, password == null ? null : password.toCharArray(),
> mandator, false, null);
> }
>
> public UsernamePasswordMandatorToken(String username, char password[],
> String mandator, InetAddress inetAddress) {
> this(username, password, mandator, false, inetAddress);
> }
>
> public UsernamePasswordMandatorToken(String username, String password,
> String mandator, InetAddress inetAddress) {
> this(username, password == null ? null : password.toCharArray(),
> mandator, false, inetAddress);
> }
>
> public UsernamePasswordMandatorToken(String username, char password[],
> String mandator, boolean rememberMe) {
> this(username, password, mandator, rememberMe, null);
> }
>
> public UsernamePasswordMandatorToken(String username, String password,
> String mandator, boolean rememberMe) {
> this(username, password == null ? null : password.toCharArray(),
> mandator, rememberMe, null);
> }
>
> // the actual constructor
> public UsernamePasswordMandatorToken(String username, char password[],
> String mandator, boolean rememberMe, InetAddress
> inetAddress) {
> this.rememberMe = false;
> this.username = username;
> this.password = password;
> this.mandator = mandator;
> this.rememberMe = rememberMe;
> this.inetAddress = inetAddress;
> }
>
> public UsernamePasswordMandatorToken(String username, String password,
> String mandator, boolean rememberMe, InetAddress
> inetAddress) {
> this(username, password == null ? null : password.toCharArray(),
> mandator, rememberMe, inetAddress);
> }
>
> // getters & setters
> public String getUsername() {
> return username;
> }
>
> public void setUsername(String username) {
> this.username = username;
> }
>
> public char[] getPassword() {
> return password;
> }
>
> public void setPassword(char password[]) {
> this.password = password;
> }
>
> public String getMandator() {
> return mandator;
> }
>
> public void setMandator(String mandator) {
> this.mandator = mandator;
> }
>
> public InetAddress getInetAddress() {
> return inetAddress;
> }
>
> public void setInetAddress(InetAddress inetAddress) {
> this.inetAddress = inetAddress;
> }
>
> public boolean isRememberMe() {
> return rememberMe;
> }
>
> public void setRememberMe(boolean rememberMe) {
> this.rememberMe = rememberMe;
> }
>
> // Override: returns the list of principals
> public Object getPrincipal() {
> List<String> res = new ArrayList<String>();
> res.add(getUsername());
> res.add(getMandator());
> return res;
> }
>
> // Override: returns the list of credentials
> public Object getCredentials() {
> return getPassword();
> }
>
> // Clears the token
> public void clear() {
> username = null;
> inetAddress = null;
> rememberMe = false;
> if (password != null) {
> for (int i = 0; i < password.length; i++)
> password[i] = '\0';
>
> password = null;
> }
> mandator = null;
> }
>
> public String toString() {
> StringBuffer sb = new StringBuffer();
> sb.append(getClass().getName());
> sb.append(" - ");
> sb.append(username);
> sb.append(", rememberMe=").append(rememberMe);
> if (inetAddress != null)
> sb.append(" (").append(inetAddress).append(")");
> sb.append("-mandator:");
> sb.append(mandator);
> return sb.toString();
> }
>
> private String username;
> private char password[];
> private boolean rememberMe;
> private InetAddress inetAddress;
> private String mandator;
> }
>
CardManagement authorization works because it's done via a servlet.
But newscorner results in a 401 error because it's done via a direct link
(<a href>).
Do you see something going wrong?
Regards, see you tomorrow (end of work for me^^), Tcharlie
Les Hazlewood-2 wrote:
>
> If that is the case, you will want to redefine 'authc' to be the
> PassthroughAuthenticationFilter. This will allow the standard 'authc'
> behavior, but requires you to implement your own Form and Form
> controller (which you have already done):
>
> [main]
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
> authc.loginUrl = /path/to/login.jsp
> authc.successUrl = /path/after/successful/login
>
> That should do the trick.
>
> Cheers,
>
> Les
>
> On Mon, Jul 20, 2009 at 11:13 AM, Tcharlie<[email protected]> wrote:
>>
>>
>>
>> Les Hazlewood-2 wrote:
>>>
>>>>> How does the user authenticate with your application? Do they fill
>>>>> in and submit a form or are you using Basic HTTP Authentication or
>>>>> some other method?
>>>>>
>>>>>
>>>>
>>>> I've got a jsp form to authenticate my users. The link is good because
>>>> if my user is not authenticated, he is redirected to my login page.
>>>
>>> You need to tell the authentication filter what your login url is so
>>> it knows where to redirect if a user is not authenticated:
>>>
>>> [main]
>>> authc.loginUrl = /some/path/to/login.jsp
>>>
>>> Cheers,
>>>
>>> Les
>>>
>>>
>>
>> It's already done and it works fine.
>>
>> I forgot to mention that I can't use the FormAuthenticationFilter (I
>> don't know which filter you put as default), because my authentication
>> token encloses 3 params (username, password and mandator, which
>> represent the authorisation context (toto may be the hsbc chairman (full
>> application access), but a Citybank customer (restricted access)).
>> My realm supports this token but FormAuthenticationFilter throws a
>> listenerstart error if I use it.
>>
>> Unfortunately, the link I have to click on is not hidden from the
>> unauthorized users, resulting in an access permitted by ki when I click
>> on it, but a
>> " Etat HTTP 401 -
>>
>> type Rapport d'état
>>
>> message
>>
>> description La requête nécessite une authentification HTTP ().
>> Apache Tomcat/6.0.18"
>>
>> error.
>> I deduce that ki allowed me to pass (I wasn't redirected to the login
>> page) and challenged my HTTP headers. Due to the fact that I don't have
>> the authentication header (I lost it when I clicked on the link), the
>> server doesn't allow me to see my page...
>> --
>> View this message in context:
>> http://n2.nabble.com/BasicHttpHeader-and-jsp-links-tp3288699p3289410.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
--
View this message in context:
http://n2.nabble.com/BasicHttpHeader-and-jsp-links-tp3288699p3289577.html
Sent from the Shiro User mailing list archive at Nabble.com.
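Added example, not code from this thread: the kind of form controller a PassThruAuthenticationFilter setup (as suggested in Les's reply) requires. It builds the thread's UsernamePasswordMandatorToken from the posted form and logs the Subject in, so the realm sees all three credentials and later plain links rely on the authenticated session rather than an Authorization header. Assumed: JSecurity 0.9 package names (org.jsecurity.SecurityUtils, org.jsecurity.subject.Subject), the /logon servlet mapping, the form field names, the success URL and the error attribute name; the token class is assumed to be in the same package.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jsecurity.SecurityUtils;                 // assumed JSecurity 0.9 package
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.subject.Subject;

// Form controller behind authc.loginUrl for the PassThru setup. Mapped to
// /logon in web.xml (assumed); logon.jsp posts username, password, mandator.
public class LogonServlet extends HttpServlet {

    // Must agree with authc.loginUrl / authc.successUrl in the filter config.
    private static final String LOGIN_URL = "/jsp/logon.jsp";
    private static final String SUCCESS_URL = "/jsp/cardmgmt.jsp"; // assumed

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        String mandator = req.getParameter("mandator"); // the third credential
        boolean rememberMe = "on".equals(req.getParameter("rememberMe"));

        // Token class from the thread: it copies the password into a char[]
        // so clear() can wipe it once the realm has consumed it.
        UsernamePasswordMandatorToken token = new UsernamePasswordMandatorToken(
                username, password, mandator, rememberMe);
        try {
            Subject subject = SecurityUtils.getSubject();
            subject.login(token); // XaKiRealm.supports() accepts this token type
            // The session is now authenticated: later <a href> links pass the
            // 'authc' filter without any HTTP Authorization header.
            resp.sendRedirect(req.getContextPath() + SUCCESS_URL);
        } catch (AuthenticationException e) {
            // One generic message for every failure (unknown account, locked,
            // expired, wrong password) so the form does not leak which it was.
            req.setAttribute("logonError", "Logon failed"); // attribute name assumed
            req.getRequestDispatcher(LOGIN_URL).forward(req, resp);
        } finally {
            token.clear(); // zero the password chars instead of keeping them around
        }
    }
}
```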