Hi Les,
first a big THX, I successfully got it up and running by starting with the 
sample from the subversion repository and progressively customizing it.

Now I want to change the authentication mechanism from authcBasic to form based 
authc. Therefore I changed the ini in the following way:

"[main]
securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
secureRealm = de.hshsoft.custobee.security.SecureRealm
authc.loginUrl = /login/do

[urls]
/acp/plugin = authc, rest
/contacts = authc, rest
/logout = authc, rest
/acp/user = authc, rest
/acp/user/new = authc, rest
/** = anon"

Instead of redirecting me to the given loginUrl I got a 500 error-message with 
the text "No SessionManager".

The console-logging gives a hint in DEBUG-level:
"org.eclipse.jetty.util.log: REQUEST /contacts on org.eclipse.jetty.server.nio.selectchannelconnecto...@190a0d6
org.eclipse.jetty.util.log: servlet=org.restlet.ext.servlet.ServerServlet-28678543
org.eclipse.jetty.util.log: servlet holder=
org.eclipse.jetty.util.log: chain=
org.eclipse.jetty.util.log: call filter org.apache.shiro.web.servlet.IniShiroFilter
org.apache.shiro.web.servlet.AdviceFilter: Filter execution resulted in an unexpected Exception (not IOException or ServletException as the Filter API recommends).  Wrapping in ServletException and propagating."

The corresponding stacktrace says:
"java.lang.IllegalStateException: No SessionManager
        at org.eclipse.jetty.server.Request.getSession(Request.java:1097)
        at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:227)
        at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:142)
        at org.apache.shiro.web.servlet.ShiroHttpServletRequest.getSession(ShiroHttpServletRequest.java:164)
        at org.apache.shiro.web.session.mgt.ServletContainerSessionManager.createSession(ServletContainerSessionManager.java:109)
[...]"

I have no clue why Shiro doesn't use the given default SessionManager or what I 
should do to make things work... :-/

P.S.
In my opinion Shiro is a great security framework, but a little bit more 
documentation on how these things work and how to configure the whole framework 
for different scenarios would really be a big step forward to easier 
implementation and bigger popularity.

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Les Hazlewood
> Sent: Tuesday, September 28, 2010 7:16 PM
> To: [email protected]
> Subject: Re: custom authentication and authorization
> 
> Hi Christian,
> 
> Your config looks fine - it appears that it should be working.  Could
> you please try a similar config with the Shiro sample web application
> (in the Shiro source distribution under samples/web) and see what
> happens?  If it still fails, please post the config that you used with
> the sample app and I'll try it myself.
> 
> Les
> 
> On Mon, Sep 27, 2010 at 11:11 PM, Christian Scharr
> <[email protected]> wrote:
> > Hi,
> > after some experimental testing and evaluation I decided to use
> > Apache Shiro in one of my projects.
> > So I tried to customize Shiro's authentication/authorization behaviour
> > by subclassing the org.apache.shiro.realm.AuthorizingRealm abstract
> > class and put it in my ini-config.
> >
> > Now my INI looks like:
> > "[main]
> > rest = org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
> > secureRealm = de.hshsoft.custobee.security.SecureRealm
> >
> > [urls]
> > /acp/plugin = authcBasic, rest
> > /contacts = authcBasic, rest
> > /logout = authcBasic, rest
> > /acp/user = authcBasic, rest
> > /acp/user/new = authcBasic, rest
> > /** = anon"
> >
> > I've put some logging messages into my Realm-class so I can see
> > what's going on.
> > And here's the problem:
> > - after reading the ini, the realm class is instantiated [OK]
> > - trying to access one of the "protected" resources shows me the
> > wished login-prompt [OK]
> > - sending the filled login-prompt never ever executes the
> > doGetAuthenticationInfo() or doGetAuthorizationInfo() methods of my
> > realm [FAILURE]
> >
> > I've no idea what's wrong with my code or my approach... :-(
> > Please give me a tip to the right direction to get this code running.
> >
> > Kind regards,
> > Greets,
> >
> > Christian Scharr
> > Dipl. Wirtschaftsinformatiker (BA)
> > MESO-Entwicklung
> > ----------
> > HSH Soft- und Hardware Vertriebs GmbH
> > Rudolf-Diesel-Straße 2
> > 16356 Ahrensfelde
> > Tel. (switchboard): +49 (0)30/94 004 0
> > Tel. (hotline): +49 (0)30/94 004 444
> > Fax: +49 (0)30/94 004 400
> > eMail: [email protected]
> > ---
> > District Court Frankfurt (Oder): HRB 7352 FF
> > Managing Director: Stephan Hauber
> >
> >
> >
