The 'authc' filter is a FormAuthenticationFilter by default - it only supports form-based logins.
You might want to configure another AuthenticationFilter for REST-specific use cases. Don't forget to use Shiro's (very powerful) URL filter definitions - this allows you to specify that different filter chains (including authentication filters) are used for different URL endpoints in your application. For the ShiroFilterFactoryBean, that would be the 'filterChainDefinitions' property.

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Tue, Sep 23, 2014 at 12:08 AM, Nagaraju Kurma <[email protected]> wrote:
>
> Hi all,
>
> There is a REST service which expects a username and password, creates a
> token and tries to perform the authentication process.
>
> *in web.xml*
>
> <web-app>
>     <filter>
>         <filter-name>shiroFilter</filter-name>
>         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>         <init-param>
>             <param-name>targetFilterLifecycle</param-name>
>             <param-value>true</param-value>
>         </init-param>
>     </filter>
>     <filter-mapping>
>         <filter-name>shiroFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>         <dispatcher>REQUEST</dispatcher>
>         <dispatcher>FORWARD</dispatcher>
>         <dispatcher>INCLUDE</dispatcher>
>         <dispatcher>ERROR</dispatcher>
>     </filter-mapping>
> </web-app>
>
> *in shiro-security.xml file is*
>
> <bean id="shiroFilter"
>       class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
>     <property name="securityManager" ref="securityManager" />
>     *<property name="loginUrl" value="login.jsp" />*
>     *<property name="successUrl" value="success.jsp" />*
>     *<property name="unauthorizedUrl" value="unauthorized.jsp" />*
>     <property name="filterChainDefinitions">
>         <value>
>             /** = authc
>         </value>
>     </property>
> </bean>
>
> *UserValidatorService.java*
> *------------------------------------*
>
> public boolean isUserValid(String username, String password) {
>     try {
>         UsernamePasswordToken token =
>                 new UsernamePasswordToken(username, password);
>         Subject subject = SecurityUtils.getSubject();
>         subject.login(token);
>         System.out.println(">>>>>>>>>>>> Login success");
>         return true;
>     } catch (Exception e) {
>         System.out.println(">>>>>>>>>>>> Login failed");
>         e.printStackTrace();
>         return false;
>     }
> }
>
> *TestRelam.java*
>
> The realm is also configured in the proper way to do the authentication
> process.
>
> Based on the authentication status I have to send a flag (success/failure)
> as the response to the UI application that is calling my service.
>
> But it is always expecting the above highlighted properties in
> *shiro-security-xml*, where I am unable to configure those URLs/pages in
> the REST environment. How can I skip it, or is there any other
> configuration to achieve it?
>
> When I give the request from my Postman REST client, the response is
>
> Could not get any response
>
> This seems to be like an error connecting to
> http://localhost:1234/test/user <http://localhost:9090/sis/org/create>.
> The response status was 0.
> Check out the W3C XMLHttpRequest Level 2 spec
> <http://www.w3.org/TR/XMLHttpRequest/#the-status-attribute> for more
> details about when this happens
>
>
> When I click on the above URL: http://localhost:1234/test/user
> <http://localhost:9090/sis/org/create>
>
> It is going to the blank page, i.e.: http://localhost:1234/test/user
> <http://localhost:9090/sis/org/create>/login.jsp
>
> Please let me know if there is any way to achieve it.
>
> Thanks & Regards
>
> Nagaraju Kurma
>

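A sketch of the per-URL filter chains described in the reply above, as an added example that is not part of the original thread and not anyone's actual configuration. It assumes the login service is mapped at /user under the context root (inferred from the /test/user URL in the question) and uses Shiro's built-in 'anon' and 'authcBasic' filters in place of the form-based 'authc'.

```xml
<!-- Added example. Assumption: the login service from the question is
     reachable at /user relative to the web application's context root. -->
<bean id="shiroFilter"
      class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />

    <!-- loginUrl, successUrl and unauthorizedUrl are left unset here:
         none of the chains below performs a form login or sends the
         caller to a page. -->

    <!-- Before (from the question):
             /** = authc
         Every path, including the login service itself, went through the
         form-based filter, so an unauthenticated REST call was redirected
         to login.jsp instead of reaching subject.login().

         After: chains are evaluated top to bottom and the first matching
         pattern wins, so the more specific path comes first.
           /user  anon        the login service must be reachable without
                              prior authentication
           /**    authcBasic  HTTP Basic; an unauthenticated request gets a
                              401 challenge rather than a redirect

         Basic credentials are only base64-encoded, so these paths should
         be served over TLS. -->
    <property name="filterChainDefinitions">
        <value>
            /user = anon
            /** = authcBasic
        </value>
    </property>
</bean>
```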