我正在使用Apache Shiro作为我的Web应用程序,而且我无法按预期工作。
我需要的是Shiro框架的授权部分,但我不能遵循任何指南,因为它们都是不同的,我不能让它在我的应用程序中工作。
以下是我想要使用Shiro Framework:
现在我的应用程序就是这样做的:
action参数calles login.java(servlet)到目前为止,我发现了以下几点:
shiro.ini:
[main]
# define login page
authc.loginUrl = /SSP/login.jsp
# name of request parameter with username;
authc.usernameParam = username
# name of request parameter with password;
authc.passwordParam = password
# redirect after successful login
authc.successUrl = /SSP/portal.jsp
[urls]
# enable authc filter for all application pages
/SSP/**=authc
我的web.xml的shiro部分如下所示:
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
我的pom.xml的一部分:
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.2.4</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.2.4</version>
</dependency>
我得到的错误:
java.lang.IllegalArgumentException: Configuration error.
Specified object [authc] with property [loginUrl] without first defining that object's class.
Please first specify the class property first, e.g. myObject = fully_qualified_class_name and then define additional properties.
编辑:
看来shiro.ini中的这一行做了诀窍:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
但现在我遇到了问题,即应用程序不使用我自己的登录类
login.java:
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String url = "/login.jsp";
// Get Login credentials from Login form
username = request.getParameter("username");
password = request.getParameter("password");
//SecurityManager securityManager = Startup.getSecurityManager();
//2. Get the current Subject:
Subject currentUser = SecurityUtils.getSubject();
//3. Login:
if (!currentUser.isAuthenticated()) {
// create UsernamePasswordToken
UsernamePasswordToken token = new UsernamePasswordToken("cn=" + username + ",ou=People,dc=maxcrc,dc=com", password);
try {
currentUser.login(token);
token.clear();
url = "/portal.jsp";
System.out.println("User [" + currentUser.getPrincipal() +"] logged succesfully");
//4. Create User Session
Session session = currentUser.getSession();
// get user_id
user_id = get_users_id(username);
// create new object of User class
User new_user = new User(user_id, username);
// Set HTTP Session Parameters
session.setAttribute("user", username);
session.setAttribute("user_id", user_id);
session.setAttribute("obj_user", new_user);
session.setAttribute("currentUser", currentUser);
} catch (UnknownAccountException uae) {
System.out.println("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
System.out.println("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
System.out.println("The account for username " + token.getPrincipal() + " is locked. " + "Please contact your administrator to unlock it.");
}
// ... catch more exceptions here (maybe custom ones specific to your application?
catch (AuthenticationException ae) {
System.out.println("ERROR: " + ae);
}
// Done, redirect User to applications main page
request.getRequestDispatcher(url).forward(request, response);
}
}
如何使用我自己的类(请参阅上面的login.java代码段)进行身份验证?
编辑结束
任何人都可以举例说明如何:
答案 0 :(得分:1)
我最终使用了AuthenticatingFilter的代码并创建了我自己的Filter,所以我可以写authc = com.mycompany.ssp.my_own_authFilter不知道它是否应该如此,但它似乎现在有效