我想用Apache Shiro安全来保护我的球衣JAX-RS服务而不用JSP 但它不起作用。
当我使用浏览器测试我的服务时,服务器会将我重定向到登录页面 正如预期的那样,当我插入用户名和密码,然后按提交按钮 登录后服务器不会将我重定向回服务。
我收到此错误: HTTP ERROR 404访问/ rest / hello / some_text时出现问题。原因:找不到由Jetty提供支持://
我正在处理的代码可以从这里下载https://github.com/javajack/shiro-jersey.git 并寻找子项目" jersey-sample" 我只修改了shiro.ini并更改了:" authcBasic" to" authc"。
我用浏览器测试它: url:localhost:port / rest / hello / some_text
我错过了什么?
以下是我的配置:
shiro.ini:
[main]
authc.loginUrl = /connect.html
[users]
root = secret,admin
guest = guest,guest
presidentskroob = 12345,president
darkhelmet = ludicrousspeed,darklord,schwartz
lonestarr = vespa,goodguy,schwartz
[roles]
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5
[urls]
/connect.html = authc
/rest/** = authc
的web.xml:
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>rest web application JAX-RS with Security Framework</display-name>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>jersey-servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>org.apache.shiro.jersey.sample</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>org.apache.shiro.jersey.ShiroResourceFilterFactory</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-servlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
AdminSecretsResource.java
package org.apache.shiro.jersey.sample;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresRoles;
@Path("/admin")
@RequiresRoles("admin")
public class AdminSecretsResource {
@GET
public Response tellSecret() {
final String output = "Shh, the secret answer is 41.";
return Response.status(200).entity(output).build();
}
}
HelloWorldResource .java
package org.apache.shiro.jersey.sample;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
@Path("/hello")
public class HelloWorldResource {
@GET
@Path("/{message}")
public Response sayHello(@PathParam("message") String message) {
String output = "Jersey says : " + message;
return Response.status(200).entity(output).build();
}
}
connect.html
<!DOCTYPE html>
<html>
<head>
<title>Apache Shiro Tutorial Webapp : Login</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.2/css/bootstrap.min.css">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.2/css/bootstrap-theme.min.css">
<style> body{padding-top:20px;} </style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<form name="loginform" action="" method="POST" accept-charset="UTF-8" role="form">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username or Email" name="username" type="text">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="checkbox">
<label>
<input name="rememberMe" type="checkbox" value="true"> Remember Me
</label>
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="Login">
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
<script src="https://code.jquery.com/jquery.js"></script>
<script src="//netdna.bootstrapcdn.com/bootstrap/3.0.2/js/bootstrap.min.js"></script>
</body>
</html>
的pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.shiro.jersey</groupId>
<artifactId>shiro-jersey-root</artifactId>
<version>1.0.0</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.shiro</groupId>
<artifactId>jersey-sample</artifactId>
<name>Apache Shiro :: Samples :: Jersey</name>
<version>1.0.0</version>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>[1.2.1,2.0.0)</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>[1.2.1,2.0.0)</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-jersey</artifactId>
<version>1.0.0</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>[1.10,2.0)</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-servlet</artifactId>
<version>[1.10,2.0)</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<forkMode>never</forkMode>
</configuration>
</plugin>
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.26</version>
<configuration>
<contextPath>/</contextPath>
<connectors>
<connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
<port>9080</port>
<maxIdleTime>60000</maxIdleTime>
</connector>
</connectors>
<requestLog implementation="org.mortbay.jetty.NCSARequestLog">
<filename>./target/yyyy_mm_dd.request.log</filename>
<retainDays>90</retainDays>
<append>true</append>
<extended>false</extended>
<logTimeZone>GMT</logTimeZone>
</requestLog>
</configuration>
</plugin>
</plugins>
</build>
</project>
答案 0 :(得分:1)
更新 shiro.ini 配置文件,将登录页面添加到表单身份验证过滤器,如下所示:
shiro.ini :
[urls]
/connect.html = authc
/rest/** = authc
这会告诉Shiro引擎使用FormAuthenticationFilter处理任何请求以及身份验证请求( /connect.html )。 这些路径是互补的,应该指定为正常工作。