I am an Apache Shiro security API starter. I downloaded the API zip file and got the ref applications.
As of now I don't want to maintain any realm or databases for the customized auths, so I am using the shiro.ini file. For the shiroFilter I am configuring loginUrl, successUrl, unauthorizedUrl, which are applicable for authc even. But only the loginUrl is working; successUrl etc. are not working. Sometimes successUrl works; I am not understanding what the cause is. For the login it is giving a 404 error; when I click the back button, enter the username and password and log in, then it is working and logging in. So many wonderings, please, anybody there to help. I am sending the complete application conf; please trace out my problem in this.

my configuration in web.xml
---------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/applicationContext.xml</param-value>
    </context-param>
    <context-param>
        <param-name>webAppRootKey</param-name>
        <param-value>spring-sample.webapp.root</param-value>
    </context-param>

    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>shiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>springServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/applicationContext.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>/WEB-INF/jsp/redirect.jsp</welcome-file>
    </welcome-file-list>
</web-app>

in spring-servlet.xml
-------------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/jsp/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>

in applicationContext.xml
-------------------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="com.ini.controller" />
    <import resource="spring-servlet.xml" />

    <bean id="iniRealm" class="org.apache.shiro.realm.text.IniRealm">
        <constructor-arg value="classpath:shiro.ini" type="java.lang.String" />
    </bean>

    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <property name="realm" ref="iniRealm"></property>
    </bean>

    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager" />
        <property name="loginUrl" value="/login"></property> --------> works from 2nd login
        <property name="successUrl" value="/success"></property> ---------> rarely, 1 out of 10 attempts
        <property name="filterChainDefinitions">
            <value>
                /logout = logout
                /** = authc
            </value>
        </property>
    </bean>
</beans>

home.jsp
---------------
<%@ include file="include.jsp"%>
<html>
<head>
    <title>Apache Shiro Quickstart</title>
</head>
<body>
    <h1>Apache Shiro Quickstart</h1>
    <p>
        Hi <shiro:guest>Guest</shiro:guest>
        <shiro:user> <shiro:principal /> </shiro:user> !
        ( <shiro:user> <a href="logout">Log out</a> </shiro:user>
        <shiro:guest> <a href="login">Log in</a> (sample accounts provided)</shiro:guest> )
    </p>
    <p>Welcome to the Apache Shiro Quickstart sample application. This page represents the home page of any web application.</p>
    <h2>Roles</h2>
    <p>To show some taglibs, here are the roles you have and don't have.
    Log out and log back in under different user accounts to see different roles.</p>
    <h3>Roles you have</h3>
    <p>
        <shiro:hasRole name="admin">admin<br /> </shiro:hasRole>
        <shiro:hasRole name="president">president<br /> </shiro:hasRole>
        <shiro:hasRole name="darklord">darklord<br /> </shiro:hasRole>
        <shiro:hasRole name="goodguy">goodguy<br /> </shiro:hasRole>
        <shiro:hasRole name="schwartz">schwartz<br /> </shiro:hasRole>
    </p>
    <h3>Roles you DON'T have</h3>
    <p>
        <shiro:lacksRole name="admin">admin<br /> </shiro:lacksRole>
        <shiro:lacksRole name="president">president<br /> </shiro:lacksRole>
        <shiro:lacksRole name="darklord">darklord<br /> </shiro:lacksRole>
        <shiro:lacksRole name="goodguy">goodguy<br /> </shiro:lacksRole>
        <shiro:lacksRole name="schwartz">schwartz<br /> </shiro:lacksRole>
    </p>
</body>
</html>

include.jsp
-------------------
<%@ page import="org.apache.shiro.SecurityUtils" %>
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

index.jsp
---------------
<jsp:forward page="home.jsp"/>

login.jsp
---------------
<%@ include file="include.jsp"%>
<html>
<head>
    <script type="text/javascript">
        function focusCur() {
            document.getElementById("username").focus();
        }
    </script>
</head>
<body onload="focusCur()">
    <h2>Please Log in</h2>
    <shiro:guest>
        <p>Here are a few sample accounts to play with in the default text-based Realm (used for this demo and test installs only). Do you remember the movie these names came from?
        ;)</p>
        <style type="text/css">
            table.sample {
                border-width: 1px;
                border-style: outset;
                border-color: blue;
                border-collapse: separate;
                background-color: rgb(255, 255, 240);
            }
            table.sample th {
                border-width: 1px;
                padding: 1px;
                border-style: none;
                border-color: blue;
                background-color: rgb(255, 255, 240);
            }
            table.sample td {
                border-width: 1px;
                padding: 1px;
                border-style: none;
                border-color: blue;
                background-color: rgb(255, 255, 240);
            }
        </style>
        <table class="sample">
            <thead>
                <tr> <th>Username</th> <th>Password</th> </tr>
            </thead>
            <tbody>
                <tr> <td>root</td> <td>secret</td> </tr>
                <tr> <td>presidentskroob</td> <td>12345</td> </tr>
                <tr> <td>darkhelmet</td> <td>ludicrousspeed</td> </tr>
                <tr> <td>lonestarr</td> <td>vespa</td> </tr>
            </tbody>
        </table>
        <br /> <br />
    </shiro:guest>
    <form action="login" method="post">
        <table>
            <tr>
                <td>Username:</td>
                <td><input type="text" name="username" id="username" maxlength="30"></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="password" maxlength="30"></td>
            </tr>
            <tr>
                <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
            </tr>
        </table>
    </form>
</body>
</html>

LoginController.java
----------------------------
package com.ini.controller;

import org.apache.shiro.SecurityUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {

    @RequestMapping(value = "/success", method = RequestMethod.GET)
    public String home() {
        System.out.println("home() : GET");
        return "home";
    }

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String form() {
        System.out.println("login() : GET");
        return "login";
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login() {
        System.out.println("login() : POST");
        SecurityUtils.getSubject().getSession();
        return "home";
    }
}

shiro.ini file --------------------> placed in
src/shiro.ini (in appContext.xml reading from classpath:/.........)
------------------
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

# INI configuration is very powerful and flexible, while still remaining succinct.
# Please http://shiro.apache.org/configuration.html and
# http://shiro.apache.org/web.html for more.

[main]
shiro.loginUrl = /login.jsp

[users]
# format: username = password, role1, role2, ..., roleN
root = secret,admin
guest = guest,guest
presidentskroob = 12345,president
darkhelmet = ludicrousspeed,darklord,schwartz
lonestarr = vespa,goodguy,schwartz

[roles]
# format: roleName = permission1, permission2, ..., permissionN
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5

[urls]
# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
# the 'authc' filter must still be specified for it so it can process that url's
# login submissions. It is 'smart' enough to allow those requests through as specified by the
# shiro.loginUrl above.
/login.jsp = authc
/logout = logout
/account/** = authc
/remoting/** = authc, roles[b2bClient], perms["remote:invoke:lan,wan"]

Please suggest me by finding the mistakes... Any help is appreciated. Thanking you :)

--
Regards,
Nagaraju.
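Added example (not part of the original post and not Shiro's source code): a simplified Java model of the documented behaviour of Shiro's `authc` filter (`FormAuthenticationFilter`), showing that after a successful login it redirects to the saved original GET request and falls back to `successUrl` only when no such request was saved. The class, record and method names are hypothetical; `/login` and `/success` are the values from the `shiroFilter` bean in the post, and the request paths are constructed.

```java
import java.util.Optional;

// Simplified model of Shiro's authc (FormAuthenticationFilter) routing.
// Not Shiro source: class, record and method names here are hypothetical.
public class AuthcFlowModel {
    // Values from the shiroFilter bean in the post's applicationContext.xml.
    static final String LOGIN_URL = "/login";
    static final String SUCCESS_URL = "/success";

    // Constructed stand-in for the request Shiro stores in the session
    // before it redirects an unauthenticated user to the login page.
    record Saved(String method, String url) {}

    // Handling of a request whose subject is not yet authenticated.
    static String onAccessDenied(String method, String path) {
        if (!path.equals(LOGIN_URL)) {
            return "save request, redirect to " + LOGIN_URL;
        }
        // Only a POST to loginUrl is treated as a login submission;
        // a GET to loginUrl is let through so the form can be rendered.
        return method.equalsIgnoreCase("POST")
                ? "attempt login from username/password parameters"
                : "pass through to the login page";
    }

    // Redirect target after a successful login: the saved request wins
    // when it was a GET; successUrl is used only when nothing usable is saved.
    static String successRedirect(Optional<Saved> saved) {
        return saved.filter(s -> s.method().equalsIgnoreCase("GET"))
                    .map(Saved::url)
                    .orElse(SUCCESS_URL);
    }

    public static void main(String[] args) {
        // Constructed walk-through 1: user first asks for a protected page.
        System.out.println("GET /home   -> " + onAccessDenied("GET", "/home"));
        System.out.println("GET /login  -> " + onAccessDenied("GET", LOGIN_URL));
        System.out.println("POST /login -> " + onAccessDenied("POST", LOGIN_URL));
        System.out.println("after login -> "
                + successRedirect(Optional.of(new Saved("GET", "/home"))));
        // Constructed walk-through 2: user opens the login page directly.
        System.out.println("after login -> " + successRedirect(Optional.empty()));
        // A saved POST is not replayed, so the fallback applies.
        System.out.println("after login -> "
                + successRedirect(Optional.of(new Saved("POST", "/form"))));
    }
}
```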
