Apache Shiro + 身份验证问题

Apache Shiro + Authentication issues

我正在为我的 Web 应用程序使用 Apache Shiro,但我无法让它按预期工作。

我需要的是 Shiro 框架的授权部分,但我无法遵循任何这些指南,因为它们各不相同,我无法在我的应用程序中使用它。

以下是我想使用 Shiro 框架的目的:

现在我的应用程序是这样做的:

到目前为止我发现了以下内容:

shiro.ini:

[main]
# define login page
authc.loginUrl = /SSP/login.jsp

# name of request parameter with username;
authc.usernameParam = username

# name of request parameter with password;
authc.passwordParam = password

# redirect after successful login
authc.successUrl  = /SSP/portal.jsp

[urls]
# enable authc filter for all application pages
/SSP/**=authc

我的 web.xml 的 shiro 部分看起来像这样:

<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

我的 shiro 部分 pom.xml:

<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-core</artifactId>
    <version>1.2.4</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-web</artifactId>
    <version>1.2.4</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-spring</artifactId>
    <version>1.2.4</version>
</dependency>

我得到的错误:

java.lang.IllegalArgumentException: Configuration error. 
Specified object [authc] with property [loginUrl] without first defining that object's class.
Please first specify the class property first, e.g. myObject = fully_qualified_class_name and then define additional properties.

编辑:

shiro.ini 中的这一行似乎起到了作用:

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

但现在我遇到了问题,应用程序不使用我自己的登录名 class

login.java:

@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String url = "/login.jsp";

    // Get Login credentials from Login form
    username = request.getParameter("username");
    password = request.getParameter("password");

    //SecurityManager securityManager = Startup.getSecurityManager();

    //2. Get the current Subject:
    Subject currentUser = SecurityUtils.getSubject();

    //3. Login:
    if (!currentUser.isAuthenticated()) {
        // create UsernamePasswordToken
        UsernamePasswordToken token = new UsernamePasswordToken("cn=" + username + ",ou=People,dc=maxcrc,dc=com", password);
        try {
            currentUser.login(token);

            token.clear();
            url = "/portal.jsp";

            System.out.println("User [" + currentUser.getPrincipal() +"] logged succesfully");

            //4. Create User Session
            Session session = currentUser.getSession();

            // get user_id
            user_id = get_users_id(username);

            // create new object of User class 
            User new_user = new User(user_id, username);

            // Set HTTP Session Parameters
            session.setAttribute("user", username);
            session.setAttribute("user_id", user_id);
            session.setAttribute("obj_user", new_user);
            session.setAttribute("currentUser", currentUser);

        } catch (UnknownAccountException uae) {
            System.out.println("There is no user with username of " + token.getPrincipal());
        } catch (IncorrectCredentialsException ice) {
            System.out.println("Password for account " + token.getPrincipal() + " was incorrect!");
        } catch (LockedAccountException lae) {
            System.out.println("The account for username " + token.getPrincipal() + " is locked.  " + "Please contact your administrator to unlock it.");
        }
        // ... catch more exceptions here (maybe custom ones specific to your application?
        catch (AuthenticationException ae) {
            System.out.println("ERROR: " + ae);
        }
        // Done, redirect User to applications main page
        request.getRequestDispatcher(url).forward(request, response);
    } 
}

如何使用我自己的 class(参见上面的 login.java 片段)进行身份验证?

编辑结束

谁能举例说明如何:

我最终使用了 AuthenticatingFilter 的代码并创建了我自己的过滤器,这样我就可以编写 authc = com.mycompany.ssp.my_own_authFilter 不知道它是否应该是这样的,但它现在似乎可以工作