On 06/21/2011 06:23 AM, chucks wrote:
> I just started on Shiro to test integration with Spring (I am not an expert
> on either). For ease I generated the Pizza application using Spring Roo
> provided at
> http://static.springsource.org/spring-roo/reference/html/beginning.html. I
> did all steps except the security setup. So I have this Spring app running
> with no security installed. Next I followed your documentation and decided
> to start with IniRealm.
>
> I added "shiroFilter" to web.xml and following to applicationContext.xml:
>
> <bean id="lifecycleBeanPostProcessor"
> class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <property name="realm" ref="iniRealm"/>
> </bean>
> <bean name="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
> <constructor-arg type="java.lang.String"
> value="classpath:shiro.ini"/>
> </bean>
> <bean id="shiroFilter"
> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
> <property name="securityManager" ref="securityManager"/>
> <property name="loginUrl" value="/login"/>
Will this url take you to the login.jspx? If not, you should change it
to the appropriate value.
> <property name="successUrl" value="/index"/>
> <property name="unauthorizedUrl" value="/login?login_error=t"/>
>
> <property name="filterChainDefinitions">
> <value>
> /pizzas/** = authc, roles[ROLE_ADMIN]
> /toppings/** = authc, roles[ROLE_ADMIN]
> /bases/** = authc, roles[ROLE_ADMIN]
> /resources/** = anon
> /static/** = anon
> /** = anon
So, it looks to me like login.jspx is going to match this last filter.
This means that the FormAuthenticationFilter will never get called for
that url. Try adding (before this last chain), "/login = authc".
> </value>
> </property>
> </bean>
>
> I also updated the POM with Shiro Core & Spring JAR dependencies. I have the
> following in shiro.ini file kept under src/main/resources.
>
> [main]
>
> [users]
> admin = admin, ROLE_ADMIN
>
> [roles]
> ROLE_ADMIN = *
>
> [urls]
>
> Next I added a login.jspx with two text fields username & password and a
> checkbox rememberme. The form submits on to itself when we press "Submit".
> The application works fine with the changes so far, for the protected URLs I
> am taken to the "Login" page. However, when I submit the form the page just
> reloads with empty fields and nothing happens, no stack trace nothing. I
> assumed that Shiro's FormAuthenticationFilter will probably take care of the
> authentication part based on credentials provided in ini file.
>
> Please help me by telling what am I doing wrong.
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Newbie-question-on-Shiro-tp6499510p6499510.html
> Sent from the Shiro User mailing list archive at Nabble.com.
