Hi Les Hazlewood, i am very much happy to see your reply and thankful to you..
i checked that sample web application and it is working very much properly, as you said shiroFilter only doing that becoz there is no separate configauration for that. there they are using shiro.ini file to maintain the data where in our application we are maintaining ElasticSearch only this one is the difference which no where dependent. i am using shiroFilter in web.xml as our sample web application but in my application i am not getting that bread crumbs effect, could you pls suggest me? i am not sure that my configuration is 100% currecct, please help me out in this. here is my web.xml file ---------------------------------- <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:jsp=" http://java.sun.com/xml/ns/javaee/jsp"; xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; version="2.5"> <display-name>spring freemarker</display-name> <context-param> <param-name>spring.profiles.default</param-name> <param-value>production</param-value> </context-param> <listener> <listener-class>net.enhancesys.auth.listeners.SystemOptionsUtilitiesListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> </listener> <listener> <listener-class>freemarker.ext.jsp.EventForwarding</listener-class> </listener> <filter> <filter-name>shiroFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetFilterLifecycle</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>shiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>JQGridTranServlet</servlet-name> <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridTranServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>JQGridTranServlet</servlet-name> <url-pattern>/JQGridTranServlet</url-pattern> </servlet-mapping> <servlet> <servlet-name>springServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/applicationContext.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springServlet</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> <servlet> <description></description> <display-name>JQGridServlet</display-name> <servlet-name>JQGridServlet</servlet-name> <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>JQGridServlet</servlet-name> <url-pattern>/JQGridServlet</url-pattern> </servlet-mapping> <servlet> <description></description> <display-name>JQGridCallServlet</display-name> <servlet-name>JQGridCallServlet</servlet-name> <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridCallServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>JQGridCallServlet</servlet-name> <url-pattern>/JQGridCallServlet</url-pattern> </servlet-mapping> <servlet> <description></description> <display-name>JQGridIncidentServlet</display-name> <servlet-name>JQGridIncidentServlet</servlet-name> <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridIncidentServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>JQGridIncidentServlet</servlet-name> <url-pattern>/JQGridIncidentServlet</url-pattern> </servlet-mapping> <servlet> <description></description> <display-name>JQGridOrdersServlet</display-name> <servlet-name>JQGridOrdersServlet</servlet-name> <servlet-class>net.enhancesys.crm.singlescreen.servlet.JQGridOrdersServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>JQGridOrdersServlet</servlet-name> <url-pattern>/JQGridOrdersServlet</url-pattern> </servlet-mapping> <session-config> <session-timeout>1</session-timeout> <!-- 1 min---> </session-config> </web-app> here this session time out configuration is not getting effected into application, so that i have configured in spring application context file as shown below. shiro-security.xml ------------------------------- <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:context=" http://www.springframework.org/schema/context"; xmlns:jee="http://www.springframework.org/schema/jee"; xmlns:tx=" http://www.springframework.org/schema/tx"; xmlns:jpa="http://www.springframework.org/schema/data/jpa"; default-lazy-init="true" xmlns:jdbc=" http://www.springframework.org/schema/jdbc"; xmlns:util="http://www.springframework.org/schema/util"; xmlns:mvc=" http://www.springframework.org/schema/mvc"; xsi:schemaLocation="http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd";> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- <property name="cacheManager" ref="cacheManager" /> --> <property name="sessionMode" value="native" /> <property name="realm" ref="elasticsearchRealm" /> <property name="sessionManager.globalSessionTimeout" value="60000" /> <!-- 1 min --> </bean> <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor" /> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> <!-- <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager" /> --> <bean id="elasticsearchRealm" class="net.enhancesys.auth.realm.ElasticSearchAuthRealm"> <property name="name" value="elasticsearchRealm" /> <property name="featuresLookupEnabled" value="true"></property> <property name="rolesLookupEnabled" value="true"></property> <property name="credentialsMatcher"> <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="SHA-256" /> <property name="storedCredentialsHexEncoded" value="false" /> </bean> </property> </bean> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name="successUrl" value="redirect:/main/welcome1?cat=dashboard.summary" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <value> /login = anon /logout = logout /** = authc </value> </property> </bean> </beans> please check this configuration and let me know the problem... thanking you :) On Wed, Jul 3, 2013 at 9:09 PM, Les Hazlewood <[email protected]> wrote: > Hi Nagaraju, > > This is automatically handled by the authentication filter(s) in Shiro: if > they attempt to access a URL and are not logged in, the attempted URL is > saved to their session. After login, Shiro will automatically redirect > them back to the URL they originally tried to access. Shiro's basic sample > web application demonstrates this behavior: > > https://svn.apache.org/repos/asf/shiro/branches/1.2.x/samples/web/ > > HTH, > > -- > Les Hazlewood | @lhazlewood > CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 > > > On Tue, Jul 2, 2013 at 10:08 PM, Nagaraju Kurma < > [email protected]> wrote: > >> sorry... i didnt get any situationlike that as of now. >> please if u know help me here. >> >> my requirement is i need to implement the bread crumbs in apache shiro >> security api, i referred tutorials but didnt reach my point. >> >> when session is timed out my application automatically redirects to >> login page, when the person is relogged in then i need to show the >> last activity but now from scrach... >> >> ex: user is doing operation like link1----> link-2 -------> link3 then >> now timed out, after relogin i have to show link3 page but not link1.. >> >> can any body help me here.. >> any help is appreciated, thanks :) >> >> On 7/3/13, Pillar <[email protected]> wrote: >> > I created an intermediary Observable class that registers the Realm >> (which >> > implements the Oberserver interface) on startup. When a Controller >> action >> > that would modify permissions gets called, I invalidate the Observable >> > which >> > notifies the Realm, which clears the cache. >> > >> > I don't feel like it's enough indirection, but it works well. >> > >> > Thanks! >> > >> > >> > >> > -- >> > View this message in context: >> > >> http://shiro-user.582556.n2.nabble.com/Updating-permissions-dynamically-at-runtime-tp7578886p7578888.html >> > Sent from the Shiro User mailing list archive at Nabble.com. >> > >> >> >> -- >> >> >> Regards,**** >> >> Nagaraju. >> > > -- Regards,**** Nagaraju.
