authc 过滤器未使用 spring 在 shiro 中调用 MyRealm
authc filter is not calling MyRealm in shiro with spring
我正在与 spring/hibernate/jax-rs(球衣) 合作项目。我想将 shiro 集成到我的项目中。我按照文档进行了配置。我有自己的 Realm 实现。
Q: 问题是当调用 authBasic 路径时,它与 MyRealm 一起工作正常。但是当我调用 authc(FormAuthenticationFilter) 它显示登录页面并且当我输入凭据时它再次进入登录页面并且没有调用 MyRealm。
除了 spring(no spring) 之前,我有使用相同技术的项目,并且我使用了相同的 MyRealm。它工作正常。
这是我的代码:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Restful Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
org.glassfish.jersey.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>kg.enesaitech.barbulak.ws</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
spring-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<context:annotation-config/>
<context:component-scan base-package="kg.enesaitech.barbulak.*" />
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="successUrl" value="/apps/warehause_manager"/>
<property name="filterChainDefinitions">
<value>
/logout = logout
/apps/admin/** = authcBasic
/apps/accountant/** = authc
/apps/production_manager/** = authc, roles[admin]
</value>
</property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean id="myRealm" class="kg.enesaitech.barbulak.security.MyRealm"></bean>
<bean name="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean">
<property name="persistenceUnitName" value="barbulak" />
</bean>
<bean id="mapper" class="org.dozer.DozerBeanMapper" lazy-init="false">
<property name="customFieldMapper" ref="dozerCustomFieldMapper" />
<bean id="dozerCustomFieldMapper" class="kg.enesaitech.barbulak.providers.MyCustomFieldMapper" />
<tx:annotation-driven/>
</beans>
MyRealm.java 如果有帮助
package kg.enesaitech.barbulak.security;
public class MyRealm extends AuthorizingRealm {
UsersHome usersHome = new UsersHome();
RoleHome roleHome = new RoleHome();
protected boolean permissionsLookupEnabled = false;
public MyRealm() {
super();
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws org.apache.shiro.authc.AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
AuthenticationInfo info = null;
Users user = usersHome.getByUserName(username);
if(user == null || user.getUserPass() == null){
throw new UnknownAccountException("No account found for user [" + username + "]");
}
info = new SimpleAuthenticationInfo(username, user.getUserPass().toCharArray(), getName());
return info;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
String username = (String) getAvailablePrincipal(principals);
System.out.println("Auth | username : " + username);
Set<String> roleNames = roleHome.getNameSetByUserName(username);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
return info;
}
}
如有任何建议,我们将不胜感激。
注意:我尝试使用 shiro.ini 配置,但它也不起作用。角色过滤器也不会调用 MyRealm。只有 authcBasic 工作正常(调用 Realm)。
我的问题是将 /login.html = authc 添加到 url,对于像我这样搜索这一行 3 天的其他人。
我正在与 spring/hibernate/jax-rs(球衣) 合作项目。我想将 shiro 集成到我的项目中。我按照文档进行了配置。我有自己的 Realm 实现。
Q: 问题是当调用 authBasic 路径时,它与 MyRealm 一起工作正常。但是当我调用 authc(FormAuthenticationFilter) 它显示登录页面并且当我输入凭据时它再次进入登录页面并且没有调用 MyRealm。
除了 spring(no spring) 之前,我有使用相同技术的项目,并且我使用了相同的 MyRealm。它工作正常。
这是我的代码: web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Restful Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
org.glassfish.jersey.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>kg.enesaitech.barbulak.ws</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
spring-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<context:annotation-config/>
<context:component-scan base-package="kg.enesaitech.barbulak.*" />
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="successUrl" value="/apps/warehause_manager"/>
<property name="filterChainDefinitions">
<value>
/logout = logout
/apps/admin/** = authcBasic
/apps/accountant/** = authc
/apps/production_manager/** = authc, roles[admin]
</value>
</property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean id="myRealm" class="kg.enesaitech.barbulak.security.MyRealm"></bean>
<bean name="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean">
<property name="persistenceUnitName" value="barbulak" />
</bean>
<bean id="mapper" class="org.dozer.DozerBeanMapper" lazy-init="false">
<property name="customFieldMapper" ref="dozerCustomFieldMapper" />
<bean id="dozerCustomFieldMapper" class="kg.enesaitech.barbulak.providers.MyCustomFieldMapper" />
<tx:annotation-driven/>
</beans>
MyRealm.java 如果有帮助
package kg.enesaitech.barbulak.security;
public class MyRealm extends AuthorizingRealm {
UsersHome usersHome = new UsersHome();
RoleHome roleHome = new RoleHome();
protected boolean permissionsLookupEnabled = false;
public MyRealm() {
super();
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws org.apache.shiro.authc.AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
AuthenticationInfo info = null;
Users user = usersHome.getByUserName(username);
if(user == null || user.getUserPass() == null){
throw new UnknownAccountException("No account found for user [" + username + "]");
}
info = new SimpleAuthenticationInfo(username, user.getUserPass().toCharArray(), getName());
return info;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
String username = (String) getAvailablePrincipal(principals);
System.out.println("Auth | username : " + username);
Set<String> roleNames = roleHome.getNameSetByUserName(username);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
return info;
}
}
如有任何建议,我们将不胜感激。
注意:我尝试使用 shiro.ini 配置,但它也不起作用。角色过滤器也不会调用 MyRealm。只有 authcBasic 工作正常(调用 Realm)。
我的问题是将 /login.html = authc 添加到 url,对于像我这样搜索这一行 3 天的其他人。