我正在使用 spring / hibernate / jax-rs(jersey)开展项目。我想将shiro整合到我的项目中。我在文档中做了配置。我有自己的Realm实现。
问:问题是在调用authBasic路径时,它可以正常使用MyRealm。但是,当我调用authc(FormAuthenticationFilter)时,它会显示登录页面,当我输入凭据时,它会再次进入登录页面而不会调用MyRealm。
我之前使用相同技术的项目除了春天(没有春天),我使用了相同的MyRealm。它工作得很好。
这是我的代码: 的的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>Restful Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-context.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- The filter-name matches name of a 'shiroFilter' bean inside applicationContext.xml -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
org.glassfish.jersey.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>kg.enesaitech.barbulak.ws</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
弹簧context.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd">
<context:annotation-config/>
<context:component-scan base-package="kg.enesaitech.barbulak.*" />
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="successUrl" value="/apps/warehause_manager"/>
<property name="filterChainDefinitions">
<value>
/logout = logout
/apps/admin/** = authcBasic
/apps/accountant/** = authc
/apps/production_manager/** = authc, roles[admin]
</value>
</property>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<bean id="myRealm" class="kg.enesaitech.barbulak.security.MyRealm"></bean>
<bean name="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory"/>
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean">
<property name="persistenceUnitName" value="barbulak" />
</bean>
<bean id="mapper" class="org.dozer.DozerBeanMapper" lazy-init="false">
<property name="customFieldMapper" ref="dozerCustomFieldMapper" />
<bean id="dozerCustomFieldMapper" class="kg.enesaitech.barbulak.providers.MyCustomFieldMapper" />
<tx:annotation-driven/>
</beans>
MyRealm.java 如果有帮助
package kg.enesaitech.barbulak.security;
public class MyRealm extends AuthorizingRealm {
UsersHome usersHome = new UsersHome();
RoleHome roleHome = new RoleHome();
protected boolean permissionsLookupEnabled = false;
public MyRealm() {
super();
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws org.apache.shiro.authc.AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
AuthenticationInfo info = null;
Users user = usersHome.getByUserName(username);
if(user == null || user.getUserPass() == null){
throw new UnknownAccountException("No account found for user [" + username + "]");
}
info = new SimpleAuthenticationInfo(username, user.getUserPass().toCharArray(), getName());
return info;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException("PrincipalCollection method argument cannot be null.");
}
String username = (String) getAvailablePrincipal(principals);
System.out.println("Auth | username : " + username);
Set<String> roleNames = roleHome.getNameSetByUserName(username);
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
return info;
}
}
任何建议将不胜感激。
注意:我尝试使用shiro.ini配置,但它也没有用。角色过滤器也不会调用MyRealm。只有authcBasic正常工作(调用Realm)。
答案 0 :(得分:1)
我的问题是将 /login.html = authc 添加到网址,对于像我这样搜索这一行3天的其他人。