- Add an explicit ID to your <h:form>.
<h:form id="login>
...
</h:form>
This will guarantee deterministic request parameter names for your form
fields.
- Override the default parameter names:
[main]
authc.usernameParam = login:username
authc.passwordParam = login:password
- Make sure to apply the authc filter to the login URL
[urls]
/login.jsf = authc
By doing so, all authentication happens automatically, you don't even
need an action method for your <h:commandButton>
Best regards,
Harald
Am 25.11.2012 14:56, schrieb Jared Bunting:
It's been awhile since I've worked with JSF, but I believe you have
two options.
1. Change the parameters authc.usernameParam and authc.passwordParam in
your shiro.ini file to match the field names that jsf uses. This might
work, I'm not sure of the intricacies in jsf.
2. Don't use a filter for login. This is probably what I would do. If
I remember correctly, you can tie your form submission in login.jsf to
a method on your backing bean. This backing bean would need to do
something like this:
try {
AuthenticationToken token = new UsernamePasswordToken(username,
password, rememberMe, request.getRemoteHost());
SecurityUtils.getSubject().login(token);
} catch (AuthenticationException ae) {
// handle error
}
It would also need to do any redirect work.
Whatever you do get working, please share it. I think we need a "Shiro
with JSF" section in the wiki, and perhaps some supporting code in the
shiro-faces module.
Thanks,
Jared
On Sun 25 Nov 2012 12:07:21 AM CST, set321go wrote:
Hello,
I am relativley new to the jsp/jsf side of java. I am trying to build a web
application which runs on jboss 7 using jsf2.0 and shiro1.2. I have found
the extra tag libs i need to give parts of my page different permissions but
I am having some login Issues.
My problem is that jsf uses its own values for id and name attributes on
html elements, when my submit response comes back shiro has null values for
my username and pasword because the name and password dont match what I have
set in the shiro.ini file. How can I fix this?
shiro.ini
...
securityManager.realms = $userRealm
authc.loginUrl = /faces/login.xhtml
# name of request parameter with username; if not present filter assumes
'username'
authc.usernameParam = username
# name of request parameter with password; if not present filter assumes
'password'
authc.passwordParam = password
# does the user wish to be remembered?; if not present filter assumes
'rememberMe'
authc.rememberMeParam = remembered
...
login.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml";
xmlns:h="http://java.sun.com/jsf/html";>
<h:head>
<title>Simple JSF login page</title>
</h:head>
<h:body>
<h:panelGroup rendered="#{!loginBean.errors}">
<h:form>
<p>#{loginBean.error}</p>
</h:form>
</h:panelGroup>
<h:panelGroup rendered="#{!loginBean.loggedIn}">
Login
<h:form>
<p>Username: <h:inputText id="username"
value="#{loginBean.username}" /></p>
<p>Password: <h:inputText id="password"
value="#{loginBean.password}" /></p>
<p>RememberMe: <h:selectBooleanCheckbox id="remembered"
value="#{loginBean.rememberMe}" /></p>
<p><h:commandButton value="submit" action="#{loginBean.login}"
/></p>
</h:form>
</h:panelGroup>
</h:body>
</html>
output from doGetAuthenticationInfo
21:48:13,491 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input
username: null
21:48:13,491 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input
password: null
21:48:13,492 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input
host: 127.0.0.1
21:48:13,492 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input
toString: org.apache.shiro.authc.UsernamePasswordToken - null,
rememberMe=false (127.0.0.1)
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/shiro-jsf2-0-login-page-tp7577981.html
Sent from the Shiro User mailing list archive at Nabble.com.
