Shiro总是将我重定向到login.jsp

时间:2012-04-05 18:26:21

标签: stripes shiro

以下是来自shiro.ini的配置

  

shiro.loginUrl = /login.jsp

     ######### URL CONFIG ################### [urls] /login.jsp = anon / public / login / ** = anon / public / app / ** = authc

条纹 ...

@UrlBinding("/public/app/")
public class CalculatorActionBean implements ActionBean {
.....

}

@UrlBinding("/public/login/")
public class UserAuthenticateBean implements ActionBean {

    private static final transient Logger log = LoggerFactory.getLogger(UserAuthenticateBean.class);
    private ActionBeanContext context;
    private String username;
    private String password;
    private String message;

    public ActionBeanContext getContext() {
        return context;
    }

    public void setContext(ActionBeanContext context) {
        this.context = context;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    @DefaultHandler
    @DontValidate
    public Resolution defaultHander() {
        return new ForwardResolution("/login.jsp");
    }

    public Resolution login() {

        Subject currentUser = SecurityUtils.getSubject();
        log.info("CU=" + currentUser.toString());


        if (!currentUser.isAuthenticated()) {
            TenantAuthenticationToken token = new TenantAuthenticationToken(username, password, "jdbcRealm");
            //UsernamePasswordToken token = new UsernamePasswordToken("akumar", "ash");
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                log.info("There is no user with username of " + token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                log.info("Password for account " + token.getPrincipal() + " was incorrect!");
            } catch (LockedAccountException lae) {
                log.info("The account for username " + token.getPrincipal() + " is locked.  "
                        + "Please contact your administrator to unlock it.");
            } // ... catch more exceptions here (maybe custom ones specific to your application?
            catch (AuthenticationException ae) {
                //unexpected condition?  error?
                ae.printStackTrace();
            }
        }

        if (currentUser.isAuthenticated()) {
            message = "Success";
        } else {
            message = "Fail";
        }

        System.out.println(message);


        message += getUsername() + getPassword();
        return new ForwardResolution("/logged_in.jsp");
    }
}

logged_in.jsp

<a href ="/oc/public/app">app</a>

现在,如果我删除该行 / public / app / ** = authc 从shiro.ini,我可以访问/ public / app登录用户和访客

如果我保留该行,则没有人可以访问该页面并返回login.jsp

让我疯了!

帮助!

1 个答案:

答案 0 :(得分:3)

更改您的网址配置,让'authc'过滤实际的登录网址:

[main]
...
authc.loginUrl = /login.jsp

[urls]
/login.jsp = authc
/public/login/** = anon 
/public/app/** = authc

authc过滤器非常智能,可以知道请求是否未经过身份验证,仍然允许它进入基础页面,以便用户可以登录。