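Returning a login error message with Shiro

Time: 2014-02-19 20:37:38

Tags: spring-mvc shiro

Filters and redirects are not my strong suit.

I have Shiro set up and working in Spring, except that I'd like to return an error message on an invalid login while staying on the same page. So I'm causing an invalid login. I have set a property on the ShiroFilterFactoryBean that should send it to /ldapLoginErr, which I then map to login.jsp and then process in an error function in my Controller. But I'm getting a 404, and the URL points to my base URL instead of /ldapLoginErr or /ldapLogin.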

<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/jsp/" />
    <property name="suffix" value=".jsp" />
</bean>

<mvc:view-controller path="/ldapLogin" view-name="ldapLogin" /> 
<mvc:view-controller path="/ldapLoginSuccess" view-name="ldapLogin" /> 
<mvc:view-controller path="/ldapLoginErr" view-name="ldapLogin" /> 


<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/ldapLogin"/>
    <property name="unauthorizedUrl" value="/ldapLogin"/>
    <property name="successUrl" value="/ldapLogin"/>
    <property name="filterChainDefinitions">
        <value>
            [urls]
            /** = ssl[8443],authc, customAuthFilter
            [main]
            /logout = logout
        </value>
    </property>   
</bean>


@RequestMapping(value = "/ldapLogin", method = RequestMethod.GET)
public ModelAndView login(Model model, HttpSession session){
    logger.debug("start login controller function");

    ModelAndView mav = new ModelAndView();
    return mav;
}

@RequestMapping(value = "/ldapLoginErr", method = RequestMethod.GET)
public ModelAndView loginErr(Model model, HttpSession session){
    ModelAndView mav = new ModelAndView();
    mav.addObject("errorMessage", msgSrc.getMessage("auth.notauth", null, null, null));

    return mav;
}

@RequestMapping(value = "/ldapLoginSuccess", method = RequestMethod.GET)
public ModelAndView loginSuccess(Model model, HttpSession session){
    return new ModelAndView();
}


The following didn't work either:

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/ldapLogin"/>
    <property name="unauthorizedUrl" value="/ldapLoginErr"/>
    <property name="successUrl" value="/ldapLoginSuccess"/>

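Thanks for your help

2 answers:

Answer 0 (score: 5)

When authentication fails, Shiro redirects to the login page and sets a request attribute named shiroLoginFailure. So in my login.jsp page I added the following: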

<c:if test="${shiroLoginFailure != null}">
    Username or password incorrect
</c:if>

If you are not using JSTL and EL, you can use a JSP scriptlet:

<%
  if (request.getAttribute("shiroLoginFailure")!=null) {
%>
Username or password incorrect
<%
  }
%>
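
A Spring MVC handler that consumes the shiroLoginFailure attribute described in this answer, as an added example that is not part of the original answer or of Shiro. The controller class, the message texts and the SLF4J logger are assumptions; the /ldapLogin path and the ldapLogin view name are taken from the question.

```java
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical controller for this example (not code from the question or from Shiro).
@Controller
@RequestMapping("/ldapLogin")
public class LdapLoginController {
    private static final Logger log = LoggerFactory.getLogger(LdapLoginController.class);

    @RequestMapping(method = RequestMethod.GET)
    public ModelAndView form() {
        return new ModelAndView("ldapLogin");
    }

    // authc (FormAuthenticationFilter) validates the credentials itself. On failure it stores
    // the exception's fully qualified class name under "shiroLoginFailure" and lets the POST
    // continue down the chain, so a POST arriving here with the attribute set is a failed login.
    @RequestMapping(method = RequestMethod.POST)
    public ModelAndView failed(HttpServletRequest request) {
        ModelAndView mav = new ModelAndView("ldapLogin");
        Object failure = request.getAttribute(FormAuthenticationFilter.DEFAULT_ERROR_KEY_ATTRIBUTE_NAME);
        if (failure != null) {
            // Keep the precise failure type in the server log, never in the page.
            log.warn("Login failed from {}: {}", request.getRemoteAddr(), failure);
            mav.addObject("errorMessage", messageFor(String.valueOf(failure)));
        }
        return mav;
    }

    // Unknown user and wrong password get identical text so the form cannot be used to
    // enumerate accounts. The lockout text is a usability choice; drop that branch if even
    // this distinction reveals too much. Message wording is constructed for this example.
    static String messageFor(String failureClass) {
        if (LockedAccountException.class.getName().equals(failureClass)
                || ExcessiveAttemptsException.class.getName().equals(failureClass)) {
            return "Login is temporarily unavailable for this account";
        }
        return "Username or password incorrect";
    }
}
```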

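Answer 1 (score: 2)

This seems convoluted.

Create a controller with GET and POST endpoints mapped to /login

GET returns the view for the login page.

POST handles the call to the Shiro login.

Authc filter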

<bean id="authc" class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter">
    <property name="loginUrl" value="/login"/>
</bean>

Filter chain def

<property name="filterChainDefinitions">
  <value>
    /login = authc
    /logout = logout
    /secure/** = authc
  </value>
</property>

Controller

@RequestMapping(method = RequestMethod.GET)
public ModelAndView view() {
    return new ModelAndView(view);
}

@RequestMapping(method = RequestMethod.POST)
public ModelAndView login(HttpServletRequest req, HttpServletResponse res, LoginForm loginForm) throws IOException {
    try {
        Subject currentUser = SecurityUtils.getSubject();
        currentUser.login(new UsernamePasswordToken(loginForm.getUsername(), loginForm.getPassword()));
        // On success, send the user back to the originally requested URL (or the fallback)
        WebUtils.redirectToSavedRequest(req, res, fallBackUrl);
        return null; // redirect already issued

    } catch (AuthenticationException e) {
        // On failure, re-render the login view with an error message
        ModelAndView mav = new ModelAndView(view);
        mav.addObject("errorMessage", "error");
        return mav;
    }
}