OK, I have been able to dig deeper...
It seems that when the call comes into
FormAuthenticationFilter.isAccessAllowed() (actually in super class of
AuthenticatingFilter) AFTER a successful login and redirect to successUrl, this
method is always returning false. It seems the call to getSubject is not
finding an Authenticated Subject in the ThreadContext. It is this method
that doesn't find the correct Subject:

    public static Subject getSubject() {
        Subject subject = ThreadContext.getSubject();
        if (subject == null) {
            subject = (new Subject.Builder()).buildSubject();
            ThreadContext.bind(subject);
        }
        return subject;
    }

So my question is, what might cause this? I am authenticating in my custom
Realm (which works fine thru BASIC auth), I can see the correct
authenticated Subject being created. It is just not being found by
SecurityUtils upon the next call.
Here is my auth method from my custom realm:
----------------------------------------------------------
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String name = upToken.getUsername();
    String password = new String(upToken.getPassword());
    if (name != null && password != null) {
        Map userMap = VnfmDatabase.readCollection(User.USERS, String.class);
        if (userMap.containsKey(name)) {
            User user = (User) userMap.get(name);
            String pw = user.getPassword();
            if (password.equals(pw)) {
                return new SimpleAuthenticationInfo(name, password.toCharArray(), getName());
            } else {
                throw new AuthenticationException("Invalid Password");
            }
        } else {
            throw new AuthenticationException("Invalid Username");
        }
    }
    throw new AuthenticationException("Username and Password required");
}
------------------------------------------------------------
Does something else need to be done to ensure the authenticated Subject is
stashed away somewhere properly?
My subsequent requests do have a JSESSIONID attached to them...
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-rediecting-back-to-Login-after-successful-Login-tp7581130p7581158.html
Sent from the Shiro User mailing list archive at Nabble.com.
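
The following is an added example, not part of the original post or of the Shiro code base. It shows the mechanism behind the getSubject() method quoted above: the authenticated state lives in the session, and a thread with no Subject bound gets a fresh anonymous one unless a Subject is rebuilt from the session id. It assumes Shiro 1.x on the classpath; the class name, account and password are constructed, and SimpleAccountRealm stands in for the custom realm.

```java
import java.io.Serializable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;

// Hypothetical demo class: simulates two "requests" on one thread without a servlet container.
public class SubjectBindingDemo {
    public static void main(String[] args) {
        // Constructed sample account; stands in for the custom realm in the post.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-password");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
        SecurityUtils.setSecurityManager(securityManager);

        // Request 1: log in. Shiro records the principals and the
        // authenticated flag as attributes of the Subject's session.
        Subject first = SecurityUtils.getSubject();
        first.login(new UsernamePasswordToken("alice", "constructed-password"));
        Serializable sessionId = first.getSession().getId();
        System.out.println("request 1 authenticated: " + first.isAuthenticated());

        // End of request 1: the thread is returned with nothing bound to it.
        ThreadContext.remove();

        // Request 2, case A: nothing bound a Subject for this request, so
        // getSubject() takes the "subject == null" branch and builds a new
        // Subject that has no link to the session created at login.
        Subject fallback = SecurityUtils.getSubject();
        System.out.println("request 2 (nothing bound) authenticated: "
                + fallback.isAuthenticated());
        ThreadContext.remove();

        // Request 2, case B: a Subject is rebuilt from the session id and
        // bound before any call to SecurityUtils.getSubject(). In a web
        // application this per-request step is the Shiro filter's job.
        Subject restored = new Subject.Builder(securityManager)
                .sessionId(sessionId)
                .buildSubject();
        ThreadContext.bind(restored);
        System.out.println("request 2 (rebuilt from session) authenticated: "
                + SecurityUtils.getSubject().isAuthenticated());
        ThreadContext.remove();
    }
}
```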