Folks,
I accepted the fact that I cannot create entities during my doAuthentication
method because the user first to login is administrator who has no entity or
roles or permissions yet.
And so I need to hardwire an administrator account in a shiro configuration
with at least a role that will permit entity creation.
So I have been wrestling with Shiro filter chain definitions and am just blue in
the face.
Is it this difficult to make a default administrator to crack into the system
at bootstrap for the first time?
Can anyone lend some assistance?
I would appreciate it.
My Shiro config is as follows:
configuration.add(factory.createChain("/**").add(factory.authc()).build());
// force whole app to authenticate
configuration.add(factory.createChain("/authc/**").add(factory.authc()).build());
configuration.add(factory.createChain("/user/**").add(factory.user()).build());
configuration.add(factory.createChain("/user/administrator/*").add(factory.perms(), "*:*:*").build());
configuration.add(factory.createChain("/user/administrator/**").add(factory.roles(), Person.Role.administrator.toString()).build());
configuration.add(factory.createChain("/assets/**").add(factory.anon()).build());
configuration.add(factory.createChain("/user/administrator/**").add(factory.perms(), "*:create:*,*:read:*,*:update:*,*:delete:*").build());
configuration.add(factory.createChain("/**").add(factory.anon()).build());
// force whole app to be anonymous
configuration.add(factory.createChain("/authc/administrator").add(factory.anon()).build());
configuration.add(factory.createChain("/authc/**").add(factory.authc()).build());
configuration.add(factory.createChain("/contributed/**").add(factory.authc()).build());
configuration.add(factory.createChain("/user/administrator").add(factory.anon()).build());
configuration.add(factory.createChain("/user/**").add(factory.user()).build());
but nothing works... every time I attempt a login as administrator/administrator
I receive:
org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it
does not have any identifying principals and authorization operations require
an identity to check against. A Subject instance will acquire these
identifying principals automatically after a successful login is performed be
executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when
'Remember Me' functionality is enabled by the SecurityManager. This exception
can also occur when a previously logged-in Subject has logged out which makes
it anonymous again. Because an identity is currently not known due to any of
these conditions, authorization is denied.
1. Are there things I am restricted from doing within my doAuthentication and
doAuthorization methods? Because I am trying to create entities of users
within my database if they don't exist.
2. If a user doesn't exist and I want to create it in my database, where is
the appropriate place: within these security routines, or on a handled
exception (one of the four that seem to happen)?
I am not clear on how to get into the system for the first time if the
superuser account and password are known in advance.
Thanks for any help
Ken
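As an added illustration (not part of Ken's post and not Shiro's own code), the Python below simulates Shiro's filter chain resolution, which walks the chain definitions in declaration order and applies the first pattern that matches the request path. It runs the patterns from the posted config against a hypothetical reordering in which the catch-all comes last; the Ant matcher is a deliberate simplification and the `FIXED` list is an assumption for illustration, not a verified configuration.

```python
import re

# Shiro resolves filter chains in declaration order and applies the FIRST
# chain whose Ant-style pattern matches the request path.  Simplified Ant
# matcher: "/**" = zero or more segments, "**" = anything, "*" = one segment.
def ant_to_regex(pattern):
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out, i = out + "(/.*)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out)

def resolve(chains, path):
    """Return (pattern, filters) of the first chain matching path, as Shiro does."""
    for pattern, filters in chains:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, filters
    return None, []

# Chains in the order of the original post (filters abbreviated). Because
# "/**" -> authc is declared first it wins for every URL, so the anon chains
# declared later, including the administrator login URL, are never reached.
POSTED = [
    ("/**", ["authc"]),
    ("/authc/**", ["authc"]),
    ("/user/**", ["user"]),
    ("/user/administrator/**", ["roles[administrator]"]),
    ("/assets/**", ["anon"]),
    ("/authc/administrator", ["anon"]),
    ("/user/administrator", ["anon"]),
]

# Hypothetical reordering for illustration: specific paths first, each pattern
# declared once, catch-all last. Only the login entry point stays anonymous;
# administrator pages require authentication plus the role and permission.
FIXED = [
    ("/assets/**", ["anon"]),
    ("/authc/administrator", ["anon"]),
    ("/authc/**", ["authc"]),
    ("/user/administrator/**", ["authc", "roles[administrator]", "perms[*:*:*]"]),
    ("/user/**", ["user"]),
    ("/**", ["authc"]),
]
```

With the posted order, `resolve(POSTED, "/authc/administrator")` returns the `/**` authc chain, which is why the anonymous bootstrap login never gets through; with the reordered list the same path resolves to the anon chain while `/user/administrator/people` still requires authc plus the administrator role.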