Hi, I have just started working on an application to integrate Spring MVC, Apache Shiro and Ehcache. The requirement is that the user is authenticated and authorized by Apache Shiro and his session is maintained in a distributed environment using Ehcache.
The following is my web.xml

<code>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"
         version="2.4">

    <display-name>PlatformWeb</display-name>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/root-context.xml</param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Shiro Security -->
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>
</code>

The following is my root-context.xml

<code>
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xsi:schemaLocation="
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:aop="http://www.springframework.org/schema/aop">

    <beans:bean id="ds" class="com.mysql.jdbc.jdbc2.optional.MysqlDataSource">
        <beans:property name="serverName" value="<ip addr>" />
        <beans:property name="user" value="root" />
        <beans:property name="password" value="root" />
        <beans:property name="databaseName" value="<database name>" />
    </beans:bean>

    <!-- Security Manager -->
    <beans:bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <beans:property name="sessionMode" value="native" />
        <beans:property name="realm" ref="jdbcRealm" />
        <beans:property name="sessionManager" ref="sessionManager"/>
        <beans:property name="cacheManager" ref="cacheManager"/>
    </beans:bean>

    <!-- Caching -->
    <beans:bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
        <beans:property name="cacheManager" ref="ehCacheManager" />
    </beans:bean>
    <beans:bean id="ehCacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
    <beans:bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />
    <beans:bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
        <beans:property name="sessionDAO" ref="sessionDAO" />
    </beans:bean>

    <!-- JDBC Realm Settings -->
    <beans:bean id="jdbcRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
        <beans:property name="name" value="jdbcRealm" />
        <beans:property name="dataSource" ref="ds" />
        <beans:property name="authenticationQuery"
            value="SELECT password FROM users WHERE username=? and enabled=1" />
        <beans:property name="userRolesQuery"
            value="SELECT r.name FROM roles r, users u, users_roles ur WHERE u.id=ur.user_id AND r.id=ur.role_id AND u.username=?" />
        <beans:property name="permissionsQuery"
            value="SELECT p.authority FROM roles r, permissions p, roles_permissions rp WHERE r.id=rp.role_id AND p.id=rp.permission_id AND r.name=?" />
        <beans:property name="permissionsLookupEnabled" value="true" />
    </beans:bean>

    <!-- Spring Integration -->
    <beans:bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

    <!-- Enable Shiro Annotations for Spring-configured beans. Only run after the lifecycleBeanProcessor has run: -->
    <beans:bean id="annotationProxy"
        class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
        depends-on="lifecycleBeanPostProcessor" />
    <beans:bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <beans:property name="securityManager" ref="securityManager" />
    </beans:bean>

    <!-- Secure Spring remoting: Ensure any Spring Remoting method invocations can be associated with a Subject for security checks. -->
    <beans:bean id="secureRemoteInvocationExecutor" class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
        <beans:property name="securityManager" ref="securityManager" />
    </beans:bean>

    <!-- Shiro filter -->
    <beans:bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <beans:property name="securityManager" ref="securityManager" />
        <beans:property name="loginUrl" value="/login" />
        <beans:property name="successUrl" value="/index" />
        <beans:property name="unauthorizedUrl" value="/loginfailed" />
        <beans:property name="filterChainDefinitions">
            <beans:value>
                <!-- !!! Order matters !!! -->
                /login = anon
                /logout = anon
                /loginfailed = anon
                /** = authc
            </beans:value>
        </beans:property>
    </beans:bean>
</beans:beans>
</code>

The following is an extract from my controller

<code>
@RequestMapping(value = "/login")
public String login(ModelMap model) {
    return "login";
}

@RequestMapping(value = "/index", method = RequestMethod.GET)
public String listMembers(ModelMap model) {
    logger.info("Listing Platform Team members...");
    model.put("member", new TeamMember());
    model.put("memberList", memberService.listMembers());
    return "member";
}
</code>

The following is my login.jsp

<code>
<form name="loginform" action="" method="post">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
        <tr>
            <td>Username:</td>
            <td><input type="text" name="user" maxlength="30"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="pass" maxlength="30"></td>
        </tr>
        <tr>
            <td colspan="2" align="left"><input type="checkbox" name="remember"><font size="2">Remember Me</font></td>
        </tr>
        <tr>
            <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
        </tr>
    </table>
</form>
</code>

When I run this, I do not get any build or runtime errors. But when I try to login with authentic credentials, I come back to login.jsp page with no errors. I would appreciate any help on this.

Thanks in advance.

Deepthi
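Added example, not part of the original post: in the filter chain above, `/login = anon` keeps Shiro's `authc` form filter from ever seeing the login POST, and `login.jsp` names its fields `user`, `pass` and `remember` while `FormAuthenticationFilter` reads `username`, `password` and `rememberMe` by default. The `shiroFilter` bean below reuses the post's bean ids and URLs, and changes only the `authc` mapping for `/login` and the filter's parameter names:

```xml
<!-- Added example: a replacement for the shiroFilter bean in root-context.xml. -->
<beans:bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <beans:property name="securityManager" ref="securityManager" />
    <beans:property name="loginUrl" value="/login" />
    <beans:property name="successUrl" value="/index" />
    <beans:property name="unauthorizedUrl" value="/loginfailed" />

    <!-- Override the built-in "authc" filter so it reads the field names used
         by login.jsp (user / pass / remember) instead of Shiro's defaults
         (username / password / rememberMe). -->
    <beans:property name="filters">
        <beans:map>
            <beans:entry key="authc">
                <beans:bean class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
                    <beans:property name="usernameParam" value="user" />
                    <beans:property name="passwordParam" value="pass" />
                    <beans:property name="rememberMeParam" value="remember" />
                </beans:bean>
            </beans:entry>
        </beans:map>
    </beans:property>

    <beans:property name="filterChainDefinitions">
        <beans:value>
            <!-- Before: /login = anon  (the login POST bypasses authc, so no
                 login attempt is made and the login view is rendered again) -->
            /login = authc
            /logout = anon
            /loginfailed = anon
            /** = authc
        </beans:value>
    </beans:property>
</beans:bean>
```

When a login attempt fails, `FormAuthenticationFilter` stores the exception class name in the `shiroLoginFailure` request attribute and lets the request continue to the `/login` handler, so the controller or JSP can show an error instead of silently re-rendering the form.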
