我在我目前开发的网站中使用Primefaces 4.0和Shiro 1.2.2。 我的表单被解释,Primefaces组件显示没有问题。但是当我在我的应用程序上启用安全性时,我的表单(至少是登录页面)不会显示Primefaces渲染。我知道Shiro拦截了所有HTTP请求以控制访问,但为什么我的表单看起来好像我没有使用Primefaces?请问您对我的问题有解决方案吗?是否有可能整合Shiro和Primefaces?
的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<welcome-file-list>
<welcome-file>faces/index.xhtml</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<resource-ref>
<res-ref-name>connectionPool</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>redmond</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
</web-app>
shiro.ini:
[main]
authc.loginUrl = /faces/login.xhtml
authc.usernameParam = login:username
authc.passwordParam = login:password
authc.rememberMeParam = login:rememberMe
user.loginUrl = /faces/login.xhtml
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
# Configure JDBC realm password hashing.
redentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
jdbcRealm.credentialsMatcher = $credentialsMatcher
# Configure JDBC realm SQL queries.
jdbcRealm.authenticationQuery = SELECT password FROM USER WHERE username = ?
dbcRealm.userRolesQuery = SELECT role FROM ROLE WHERE userId = (SELECT id FROM USER WHERE username = ?)
# Configure JDBC realm datasource. DataSource properties
dataSource = org.apache.derby.jdbc.ClientDataSource
dataSource.serverName = localhost
dataSource.portNumber = 1527
dataSource.databaseName = testdb
dataSource.user = admin
dataSource.password = admin
jdbcRealm.dataSource = $dataSource
[users]
admin = password
[urls]
/faces/login.xhtml = authc
/faces/** = authc
我是使用JSF,Primefaces和Shiro进行Web开发的初学者。
感谢您的帮助。
答案 0 :(得分:4)
这是最后一个条目,
[urls] /faces/login.xhtml = authc /faces/** = authc
您已告诉Shiro对与/faces/**匹配的每个未映射的网址进行身份验证。因此,这也涵盖了JSF资源,例如由JSF组件自动包含的CSS / JS /图像文件(如在PrimeFaces中)。实际上,当浏览器想要下载例如CSS文件,它接收登录页面而不是实际的CSS内容,因此无法应用定义的CSS样式。您可以自己在浏览器的地址栏中输入CSS文件的URL来自行查看。您将看到登录页面,而不是CSS文件内容。网络浏览器“面对面”正好面临这个问题。
您需要明确告诉Shiro允许对JSF资源进行未经身份验证的(匿名)访问。这些资源由额外的/javax.faces.resource路径标识(由JSF API中的ResourceHandler#RESOURCE_IDENTIFIER常量定义)。
[urls] /faces/login.xhtml = authc /faces/javax.faces.resource/** = anon /faces/** = authc