Hi everybody...I've spent the past few days trying to figure this out, and am
now finally (!) willing to admit I cannot - without somebody else's help!
I'm looking to protect specific paths of my servlet with a "token"
string...this "token" is a sort of username/password combo that is passed as
a URL parameter (over https, of course).
I'm using shiro-all, v.1.1.0 (via maven).
My trouble is that, no matter what URL parameters I pass (including the
desired "?token=blahblahbla...."), my request ends up in the
MyAuthenticatingFilter.onAccessDenied() method.
I've placed breakpoints on EVERY return statement on each of my classes'
methods, but the only one getting called is
MyAuthenticatingFilter.onAccessDenied().
From what I can tell, the MyRealm.supports() method isn't getting called -
despite explicitly setting the realms property in the SecurityManager.
Can anybody offer insight on what might be happening here? Should I be
extending/implementing some other classes instead? (any and all suggestions
are welcome...I'm at the end of my road here...I've been staring at the
help docs for so long, they are quickly turning into visible mush).
Thanks for reading.
Bryan
My ini config looks like this:
    [main]
    myRealm = com.blah.playground.MyAuthenticatingRealm
    myFilter = com.blah.playground.MyAuthenticatingFilter
    securityManager.realms = $myRealm

    [urls]
    /** = myFilter

And my classes look like this:
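    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.Response.Status;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

    public class MyAuthenticatingFilter extends AuthenticatingFilter {

        @Override
        protected AuthenticationToken createToken(ServletRequest request,
                ServletResponse arg1) throws Exception {
            String tokenParam = request.getParameter("token");
            if (tokenParam == null)
                throw new WebApplicationException(Status.BAD_REQUEST);
            return new MyAuthenticationToken(tokenParam);
        }

        @Override
        protected boolean onAccessDenied(ServletRequest arg0, ServletResponse arg1)
                throws Exception {
            // TODO Auto-generated method stub
            return false;
        }
    }
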
and:
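    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyRealm extends AuthorizingRealm {

        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
            // TODO Auto-generated method stub
            return null;
        }

        public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            // cast this to my token
            MyAuthenticationToken theToken = (MyAuthenticationToken) token;
            if (theToken.getUserToken().equalsIgnoreCase("234")) {
                // good token
                return new SimpleAuthenticationInfo("bryan",
                        theToken.getUserToken(),
                        getName());
            }
            return null;
        }

        @Override
        public boolean supports(AuthenticationToken arg0) {
            if (arg0 != null)
                return arg0 instanceof MyAuthenticationToken;
            return false;
        }
    }
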
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Trouble-with-custom-filter-custom-realm-tp6685837p6685837.html
Sent from the Shiro User mailing list archive at Nabble.com.
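
An added example, not part of the original post: in Shiro's AuthenticatingFilter the realm is only consulted when onAccessDenied() calls executeLogin(), so a filter that just returns false there never reaches supports() or doGetAuthenticationInfo(). The class name TokenLoginFilter is hypothetical; MyAuthenticationToken is the poster's own class (not shown in the post), assumed to take the token string in its constructor.

```java
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;

// Hypothetical filter name; illustrates the login hand-off only.
public class TokenLoginFilter extends AuthenticatingFilter {

    @Override
    protected AuthenticationToken createToken(ServletRequest request,
            ServletResponse response) {
        // Query-string tokens are recorded in access logs and browser history
        // even over HTTPS; reading the token from a request header avoids that.
        return new MyAuthenticationToken(request.getParameter("token"));
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request,
            ServletResponse response) throws Exception {
        // Called for every request whose Subject is not yet authenticated.
        if (request.getParameter("token") == null) {
            ((HttpServletResponse) response)
                    .sendError(HttpServletResponse.SC_BAD_REQUEST);
            return false; // stop the filter chain
        }
        // executeLogin() calls createToken() and then Subject.login(token);
        // that login call is what makes the SecurityManager ask each realm
        // supports(token) and doGetAuthenticationInfo(token).
        return executeLogin(request, response);
    }

    @Override
    protected boolean onLoginFailure(AuthenticationToken token,
            AuthenticationException e, ServletRequest request,
            ServletResponse response) {
        // Reached when no realm accepts the token (e.g. the realm returns null).
        try {
            ((HttpServletResponse) response)
                    .sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException ignored) {
            // response already committed; nothing more to send
        }
        return false; // do not continue to the protected resource
    }
}
```

The ini file must also name the realm class that actually exists: the post configures com.blah.playground.MyAuthenticatingRealm, while the class shown is MyRealm.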