I understand that the authc is not seeing my login submission as there is no error on valid or invalid authentication details. If I hit /index from my browser, I am redirected back to login.jsp. I will not be able to set loginUrl to /login.jsp because it is using spring MVC where all the views are stored under WEB-INF.
-----Original Message----- From: Jared Bunting [mailto:[email protected]] Sent: 05 January 2012 11:32 To: [email protected] Subject: Re: Not able to login - No error shown Given that, your issue may be much closer to what Jeff describes. You map the login page to "/login" but then you have the login form in login.jsp which just submits to itself. I haven't used Spring MVC in several years, but I think the issue is still that authc is not seeing your login submission. What happens if you hit "/index" from your browser? What if you set "loginUrl" to "/login.jsp" ? On Wed 04 Jan 2012 11:13:15 PM CST, Deepthi Jayaram wrote: > Thanks for the reply Jared. But I have tried by removing the /login, /logout > and /loginfailed from the filterChainDefinitions. I have tried using authc > and I have tried using anon, authc. Nothing works. I also updated my > login.jsp to change the names of the fields to username and password. It is > still returning to the login.jsp page without any errors. > > -----Original Message----- > From: Jared Bunting [mailto:[email protected]] > Sent: 04 January 2012 21:32 > To: [email protected] > Subject: Re: Not able to login - No error shown > > I suspect that your /login filter chain mapping should NOT be "anon". > If the authc filter never sees requests to that url, then it can't do > the authentication. > > In general, the authc filter handles allowing through its "special" > urls by itself - you shouldn't have to help it. I suspect that > there's also no need to map /loginfailed to anon, but I can't think of > any harm that would do. > > -Jared > > On Wed 04 Jan 2012 08:09:11 AM CST, Deepthi Jayaram wrote: >> Hi, >> >> >> >> I have just started working on an application to integrate Spring MVC, >> Apache Shiro and Ehcache. The requirement is that the user is >> authenticated and authorized by Apache Shiro and his session is >> maintained in a distributed environment using Ehcache. >> >> >> >> The following is my web.xml >> >> >> >> <code> >> >> <?xml version=/"1.0"/ encoding=/"UTF-8"/?> >> >> <web-app >> >> xmlns:xsi=/"http://www.w3.org/2001/XMLSchema-instance"/ >> >> xmlns=/"http://java.sun.com/xml/ns/javaee"/ >> >> xmlns:web=/"http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"/ >> >> xsi:schemaLocation=/"http://java.sun.com/xml/ns/javaee >> http://java.sun.com/xml/ns/javaee/web-app_2_4.xsd"/ version=/"2.4"/> >> >> <display-name>PlatformWeb</display-name> >> >> <context-param> >> >> <param-name>contextConfigLocation</param-name> >> >> >> <param-value>/WEB-INF/spring/appServlet/root-context._xml_</param-value> >> >> </context-param> >> >> <listener> >> >> >> <listener-class>_org_._springframework_.web.context.ContextLoaderListener</listener-class> >> >> </listener> >> >> <!-- _Shiro_ Security --> >> >> <filter> >> >> <filter-name>shiroFilter</filter-name> >> >> >> <filter-class>_org_._springframework_.web.filter.DelegatingFilterProxy</filter-class> >> >> <init-param> >> >> <param-name>targetFilterLifecycle</param-name> >> >> <param-value>true</param-value> >> >> </init-param> >> >> </filter> >> >> <filter-mapping> >> >> <filter-name>shiroFilter</filter-name> >> >> <url-pattern>/*</url-pattern> >> >> </filter-mapping> >> >> <servlet> >> >> <servlet-name>appServlet</servlet-name> >> >> >> <servlet-class>_org_._springframework_.web._servlet_.DispatcherServlet</servlet-class> >> >> <init-param> >> >> <param-name>contextConfigLocation</param-name> >> >> >> <param-value>/WEB-INF/spring/appServlet/_servlet_-context._xml_</param-value> >> >> </init-param> >> >> <load-on-startup>1</load-on-startup> >> >> </servlet> >> >> <servlet-mapping> >> >> <servlet-name>appServlet</servlet-name> >> >> <url-pattern>/</url-pattern> >> >> </servlet-mapping> >> >> </web-app> >> >> </code> >> >> >> >> The following is my root-context.xml >> >> >> >> <code> >> >> <?xml version=/"1.0"/ encoding=/"UTF-8"/?> >> >> <beans:beans xsi:schemaLocation=/" >> http://www.springframework.org/schema/mvc >> http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd / >> >> /http://www.springframework.org/schema/beans >> http://www.springframework.org/schema/beans/spring-beans-3.0.xsd/ >> >> /http://www.springframework.org/schema/context >> http://www.springframework.org/schema/context/spring-context.xsd/ >> >> /http://www.springframework.org/schema/tx >> http://www.springframework.org/schema/tx/spring-tx.xsd/ >> >> /http://www.springframework.org/schema/aop >> http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"/ >> >> xmlns:beans=/"http://www.springframework.org/schema/beans"/ >> >> xmlns:xsi=/"http://www.w3.org/2001/XMLSchema-instance"/ >> >> xmlns:mvc=/"http://www.springframework.org/schema/mvc"/ >> >> xmlns:context=/"http://www.springframework.org/schema/context"/ >> >> xmlns:p=/"http://www.springframework.org/schema/p"/ >> >> xmlns:tx=/"http://www.springframework.org/schema/tx"/ >> >> xmlns:aop=/"http://www.springframework.org/schema/aop"/> >> >> <beans:bean id=/"ds"/ >> class=/"com.mysql.jdbc.jdbc2.optional.MysqlDataSource"/> >> >> <beans:property name=/"serverName"/ >> value=/"<ip addr>"/ /> >> >> <beans:property name=/"user"/ >> value=/"root"/ /> >> >> <beans:property name=/"password"/ >> value=/"root"/ /> >> >> <beans:property name=/"databaseName"/ >> value=/"<database name>"/ /> >> >> </beans:bean> >> >> <!-- Security Manager --> >> >> <beans:bean id=/"securityManager"/ >> class=/"org.apache.shiro.web.mgt.DefaultWebSecurityManager"/> >> >> <beans:property name=/"sessionMode"/ value=/"native"/ /> >> >> <beans:property name=/"realm"/ ref=/"jdbcRealm"/ /> >> >> <beans:property name=/"sessionManager"/ ref=/"sessionManager"//> >> >> <beans:property name=/"cacheManager"/ ref=/"cacheManager"//> >> >> </beans:bean> >> >> >> >> <!-- Caching --> >> >> <beans:bean id=/"cacheManager"/ >> class=/"org.apache.shiro.cache.ehcache.EhCacheManager"/> >> >> <beans:property name=/"cacheManager"/ ref=/"ehCacheManager"/ /> >> >> </beans:bean> >> >> >> >> <beans:bean id=/"ehCacheManager" >> /class=/"org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/ /> >> >> >> >> <beans:bean id=/"sessionDAO"/ >> class=/"org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/ /> >> >> >> >> <beans:bean id=/"sessionManager" >> /class=/"org.apache.shiro.web.session.mgt.DefaultWebSessionManager"/> >> >> <beans:property name=/"sessionDAO"/ ref=/"sessionDAO"/ /> >> >> </beans:bean> >> >> >> >> >> >> <!-- JDBC Realm Settings --> >> >> <beans:bean id=/"jdbcRealm"/ >> class=/"org.apache.shiro.realm.jdbc.JdbcRealm"/> >> >> <beans:property name=/"name"/ value=/"jdbcRealm"/ /> >> >> <beans:property name=/"dataSource"/ ref=/"ds"/ /> >> >> <beans:property name=/"authenticationQuery"/ >> >> value=/"SELECT password FROM users WHERE username=? and >> enabled=1"/ /> >> >> <beans:property name=/"userRolesQuery"/ >> >> value=/"SELECT r.name FROM roles r, users u, users_roles >> ur WHERE u.id=ur.user_id AND r.id=ur.role_id AND u.username=?"/ /> >> >> <beans:property name=/"permissionsQuery"/ >> >> value=/"SELECT p.authority FROM roles r, permissions p, >> roles_permissions rp WHERE r.id=rp.role_id AND p.id=rp.permission_id >> AND r.name=?"/ /> >> >> <beans:property name=/"permissionsLookupEnabled"/ >> value=/"true"/ /> >> >> </beans:bean> >> >> >> >> <!-- Spring Integration --> >> >> <beans:bean id=/"lifecycleBeanPostProcessor"/ >> class=/"org.apache.shiro.spring.LifecycleBeanPostProcessor"/ /> >> >> >> >> <!-- Enable _Shiro_ Annotations for Spring-configured beans. Only >> run after >> >> the lifecycleBeanProcessor has run: --> >> >> <beans:bean id=/"annotationProxy"/ >> >> >> class=/"org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/ >> >> depends-on=/"lifecycleBeanPostProcessor"/ /> >> >> <beans:bean >> >> >> class=/"org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"/> >> >> <beans:property name=/"securityManager"/ >> ref=/"securityManager"/ /> >> >> </beans:bean> >> >> >> >> <!-- Secure Spring _remoting_: Ensure any Spring _Remoting_ method >> invocations >> >> can be associated with a Subject for security checks. --> >> >> <beans:bean id=/"secureRemoteInvocationExecutor"/ >> >> >> class=/"org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor"/> >> >> <beans:property name=/"securityManager"/ >> ref=/"securityManager"/ /> >> >> </beans:bean> >> >> >> >> <!-- _Shiro_ filter --> >> >> <beans:bean id=/"shiroFilter"/ >> class=/"org.apache.shiro.spring.web.ShiroFilterFactoryBean"/> >> >> <beans:property name=/"securityManager"/ >> ref=/"securityManager"/ /> >> >> <beans:property name=/"loginUrl"/ value=/"/login"/ /> >> >> <beans:property name=/"successUrl"/ value=/"/index"/ /> >> >> <beans:property name=/"unauthorizedUrl"/ value=/"/loginfailed"/ /> >> >> <beans:property name=/"filterChainDefinitions"/> >> >> <beans:value> >> >> <!-- !!! Order matters !!! --> >> >> /login = anon >> >> /logout = anon >> >> /_loginfailed_ = anon >> >> /** = _authc_ >> >> </beans:value> >> >> </beans:property> >> >> </beans:bean> >> >> </beans:beans> >> >> </code> >> >> >> >> The following is an extract from my controller >> >> >> >> <code> >> >> @RequestMapping(value = "/login") >> >> *public* String login(ModelMap model) { >> >> *return* "login"; >> >> } >> >> @RequestMapping(value = "/index", method = RequestMethod./GET/) >> >> *public* String listMembers(ModelMap model) { >> >> /logger/.info("Listing Platform Team >> members..."); >> >> model.put("member", *new* TeamMember()); >> >> model.put("memberList", >> memberService.listMembers()); >> >> *return* "member"; >> >> } >> >> </code> >> >> >> >> The following is my login.jsp >> >> >> >> <code> >> >> <form name=/"loginform"/ action=/""/ method=/"post"/> >> >> <table align=/"left"/ border=/"0"/ cellspacing=/"0"/ cellpadding=/"3"/> >> >> <tr> >> >> <td>_Username_:</td> >> >> <td><input type=/"text"/ name=/"user"/ maxlength=/"30"/></td> >> >> </tr> >> >> <tr> >> >> <td>Password:</td> >> >> <td><input type=/"password"/ name=/"pass"/ maxlength=/"30"/></td> >> >> </tr> >> >> <tr> >> >> <td colspan=/"2"/ align=/"left"/><input type=/"checkbox"/ >> name=/"remember"/><font size=/"2"/>Remember Me</font></td> >> >> </tr> >> >> <tr> >> >> <td colspan=/"2"/ align=/"right"/><input type=/"submit"/ >> name=/"submit"/ value=/"Login"/></td> >> >> </tr> >> >> </table> >> >> </form> >> >> </code> >> >> >> >> When I run this, I do not get any build or runtime errors. But when I >> try to login with authentic credentials, I come back to login.jsp page >> with no errors. I would appreciate any help on this. Thanks in advance. >> >> Deepthi >> > > >
