Apache Shiro Authorization and Authentication configuration for webapp

I have some configuration problems.

I am trying to integrate Apache Shiro with a MongoDB realm.

The ini file:

[main]
mongoDBRealm = realm.MongoRealm
securityManager.realms = $mongoDBRealm

# specify login page
shiro.loginUrl = /<ProjFolderNameInEclipse>/SuppliersLogin.html

# name of request parameter with username; if not present filter assumes 'username'
#authc.usernameParam = user

# name of request parameter with password; if not present filter assumes 'password'
#authc.passwordParam = pass

# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
#authc.rememberMeParam = remember


# redirect after successful login
authc.successUrl  = /<ProjFolderNameInEclipse>/pass.html

[urls]
# enable authc filter for all application pages
/<ProjFolderNameInEclipse>/SuppliersLogin.html = authc

This ini is being used by:

public static void main(String[] args) {
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("shiro.ini");
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject currentUser = SecurityUtils.getSubject();
    // ... some logic ...
}

The above code is just to make sure the realm is working.

web.xml



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
    <listener>
        <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>

    </listener>    
    <context-param>
        <param-name>shiroConfigLocations</param-name>
        <param-value>classpath:shiro.ini</param-value>
    </context-param>
    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>


    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>   

</web-app>

Now I have a simple login page located inside the WebContent folder, with the following form:

<form method="POST" action="" name="loginform">
                                <header>
                                    Sign In
                                </header>

                                <fieldset>

                                    <section>
                                        <label class="label">User name</label>
                                        <label class="input"> <i class="icon-append fa fa-user"></i>
                                            <input type="text" name="username">
                                            <b class="tooltip tooltip-top-right"><i class="fa fa-user txt-color-teal"></i> Please enter email address/username</b></label>
                                    </section>

                                    <section>
                                        <label class="label">Password</label>
                                        <label class="input"> <i class="icon-append fa fa-lock"></i>
                                            <input type="password" name="password">
                                            <b class="tooltip tooltip-top-right"><i class="fa fa-lock txt-color-teal"></i> Enter your password</b> </label>
                                        <div class="note">
                                            <a href="forgotpassword.html">Forgot password?</a>
                                        </div>
                                    </section>

                                    <section>
                                        <label class="checkbox">
                                            <input type="checkbox" name="remember" checked="">
                                            <i></i>Stay signed in</label>
                                    </section>
                                </fieldset>
                                <footer>
                                    <!-- <button type="submit" class="btn btn-primary" value="Sign In"> -->
                                    <button type="submit" class="btn btn-primary" value="Login" name="submit">
                                        Sign in
                                    </button>
                                </footer>
                            </form>

When I click the submit button, nothing happens except that the page reloads..

Am I doing something wrong?

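It seems to me that Shiro does not support MongoDB out of the box. Please take a look at the following post to find a possible solution. Note that I am not the author of the possible solution: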

As you describe the behavior of your web app, Shiro is not able to find the realm you specified in shiro.ini (mongoDBRealm = realm.MongoRealm), and therefore it redirects you to the login page.
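One way to check the claim above, that the class named by `mongoDBRealm = realm.MongoRealm` cannot be found, is to load every object defined in `[main]` of `classpath:shiro.ini` and report whether it resolves to a Shiro `Realm`. This is an added example, not code from the question, the answer or the Shiro project; the class name `ShiroIniRealmCheck` is hypothetical, and it assumes shiro-core and the web app's compiled classes are on the classpath when it runs.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.Realm;

// Added example (hypothetical helper): verifies that the objects declared in
// the [main] section of shiro.ini can be loaded and which of them are realms.
public class ShiroIniRealmCheck {

    static Map<String, String> check(Ini ini) {
        Map<String, String> report = new LinkedHashMap<>();
        Ini.Section main = ini.getSection("main");
        if (main == null) {
            return report; // no [main] section, nothing to instantiate
        }
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        for (Map.Entry<String, String> e : main.entrySet()) {
            String name = e.getKey();
            String value = e.getValue().trim();
            // "a.b = ..." sets a property and "$x" is a reference to another
            // object; only "name = fully.qualified.Class" creates an instance.
            if (name.contains(".") || value.startsWith("$")) {
                continue;
            }
            try {
                // Load without running static initializers.
                Class<?> cls = Class.forName(value, false, loader);
                cls.getConstructor(); // ini instantiation needs a public no-arg constructor
                report.put(name, Realm.class.isAssignableFrom(cls)
                        ? "OK, is a Realm: " + value
                        : "loaded, but not a Realm: " + value);
            } catch (ClassNotFoundException | LinkageError ex) {
                report.put(name, "NOT FOUND on classpath: " + value);
            } catch (NoSuchMethodException ex) {
                report.put(name, "no public no-arg constructor: " + value);
            }
        }
        return report;
    }

    public static void main(String[] args) {
        // Same location as the shiroConfigLocations context-param in web.xml.
        String path = args.length > 0 ? args[0] : "classpath:shiro.ini";
        check(Ini.fromResourcePath(path))
                .forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

A line such as `mongoDBRealm -> NOT FOUND on classpath: realm.MongoRealm` confirms the diagnosis; `OK, is a Realm` means the realm class resolves and the cause of the reload lies elsewhere in the configuration.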