I'm new to Shiro and I'm developing a pretty standard web app. For some
reason I am having problems with the post login URL. All I am trying to
achieve is:

1. If a resource was requested directly, then post login the original request
is completed
2. If no specific resource is requested (i.e. they just request the login
page) they are redirected to a specific URL.

The documentation that I've read suggests that this functionality should be
available pretty much out of the box. Unfortunately neither of these
features are working for me! Regardless of what resource is requested, post
successful login the user is simply redirected back to the login page. At
first I didn't think the authentication process was working but I placed a
conditional render on the login page and it's working fine, it's just not
redirecting the user.

In my shiro.ini file I have specified an "authc.successUrl =
/postLoginPage.jsf" as I assume this is the URL that should be returned if
no 'original URL' was requested to trigger the authentication. I am using
JSF with the standard JdbcRealm and a custom passwordMatcher.

My Shiro.ini file:

# This is the core shiro configuration file

[main]
# JDBC Database connection used for authentication
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role FROM roles WHERE username = ?
jdbcRealm.permissionsQuery = SELECT role_permission FROM roles WHERE role_name = ?

ds = com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource
ds.url=jdbc:mysql://***.***.*.**:3306
ds.user = *********
ds.password = *************
jdbcRealm.dataSource=$ds


# Using default form based security filter org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc.loginUrl = /login.jsf

# Redirect after successful login
authc.successUrl = /postLoginPage.jsf

# Redirect to an access denied page if user does not have access rights
roles.unauthorizedUrl = /error/accessDenied.jsf


# PasswordMatcher and PasswordService are used to match password hash during authentication
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = tv.tarka.security.PasswordMatcherExtension
passwordMatcher.passwordService = $passwordService
jdbcRealm.credentialsMatcher = $passwordMatcher


# URLs that require access control with the authorised roles
[urls]
/admin/** = authc, roles[ROLE_ADMIN]
/account/** = authc, roles[ROLE_USER]
/login.jsf = ssl[8181],authc 


And my login():

    public void login() {
        if (!SecurityUtils.getSubject().isAuthenticated()) {
            try {
                UsernamePasswordToken userToken = new UsernamePasswordToken(name, password);
                userToken.setRememberMe(rememberMe);
                SecurityUtils.getSubject().login(userToken);
            } catch (UnknownAccountException uae) {
                JsfUtil.addErrorMessage(uae,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationUnknownAccount"));
            } catch (IncorrectCredentialsException ice) {
                JsfUtil.addErrorMessage(ice,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationIncorrectCredentials"));
            } catch (LockedAccountException lae) {
                JsfUtil.addErrorMessage(lae,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationLockedAccount"));
            } catch (ExcessiveAttemptsException eae) {
                JsfUtil.addErrorMessage(eae,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationExcessiveAttempts"));
            } catch (AuthenticationException ae) {
                JsfUtil.addErrorMessage(ae,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationFailed"));
            } catch (Exception ex) {
                JsfUtil.addErrorMessage(ex,
                        ResourceBundle.getBundle("/Bundle").getString("AuthenticationError"));
            }
        }
    }


Thanks

--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Redirect-after-successful-login-tp7478727p7478727.html
Sent from the Shiro User mailing list archive at Nabble.com.
