Shiro security works fine in my grails application, but not when a user enters incorrect login information. If they enter the wrong username and password combination (authenticated against an LDAP server), I seem to get into an infinite loop between the index and login actions. The general form of my AuthController is
import org.apache.shiro.SecurityUtils
import org.apache.shiro.authc.AuthenticationException
import org.apache.shiro.authc.UsernamePasswordToken
import org.apache.shiro.subject.Subject

class AuthController
{
    def shiroSecurityManager

    def index =
    {
        println "in index..."
        redirect(action: "login", params: params)
    }

    def login =
    {
        println "in login..."
        return [ username: params.username, rememberMe: (params.rememberMe != null), targetUri: params.targetUri ]
    }

    def signIn =
    {
        println "in signin..."
        Subject subject = SecurityUtils.getSubject()
        // The Subject is stored in the HTTP session *before* login is attempted,
        // so session.subject exists even when authentication fails; the
        // SecurityFilters below test session.subject to decide who must log in.
        request.getSession().removeAttribute("subject")
        request.getSession(true).setAttribute("subject", subject)
        String lowerCaseUserName = params.username.toLowerCase()
        def authToken = new UsernamePasswordToken(lowerCaseUserName, params.password)
        // Support for "remember me"
        if (params.rememberMe)
        {
            authToken.rememberMe = true
        }
        try
        {
            println "in signin try..."
            subject.login(authToken)
            if (subject.isAuthenticated())
            {
                println "in signin try if 1..."
                def currentUser = User.findByEmployeeLogin(lowerCaseUserName)
                if (currentUser == null)
                {
                    // LDAP accepted the credentials but the application has no matching User.
                    log.info "Authentication failure for user '${lowerCaseUserName}'."
                    flash.message = message(code: "login.failed")
                    def m = [ username: lowerCaseUserName ]
                    // Remember the target URI too.
                    if (params.targetUri)
                    {
                        m['targetUri'] = params.targetUri
                        redirect(controller: 'auth', action: 'login', params: m)
                    }
                    else
                    {
                        redirect(controller: 'auth', action: 'login', params: m)
                    }
                }
                else
                {
                    // ... (elided in the original post)
                    redirect(controller: 'home', action: 'index')
                }
            }
        }
        catch (AuthenticationException ex)
        {
            println "in signin catch..."
            // Authentication failed, so display the appropriate message
            // on the login page.
            log.info "Authentication failure for user '${lowerCaseUserName}'."
            flash.message = message(code: "login.failed")
            // Keep the username and "remember me" setting so that the
            // user doesn't have to enter them again.
            def m = [ username: lowerCaseUserName ]
            if (params.rememberMe)
            {
                m['rememberMe'] = true
            }
            // Remember the target URI too.
            if (params.targetUri)
            {
                m['targetUri'] = params.targetUri
            }
            // Now redirect back to the login page.
            redirect(controller: 'auth', action: 'login', params: m)
        }
    }
}
The println statements produce the following output
in signin...
in signin try...
Could not connect to <MYLDAPSERVER>: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
Could not connect to <MYLDAPSERVER>: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
No LDAP server available.
in signin catch...
in login...
in index...
in login...
in index...
in login...
in index...
in login...
The login/index output continues until I receive the error
This webpage has a redirect loop
ERR_TOO_MANY_REDIRECTS
Does anyone know why I am running into this problem?
EDIT: I believe this may be due to my SecurityFilters baseFilter:
// grails-app/conf/SecurityFilters.groovy
class SecurityFilters {

    def filters = {

        baseFilter(controller: "*", action: "*") {
            before = {
                /*====================================================================
                 * if auth controller then ok to continue
                 *===================================================================*/
                if (controllerName.equals("auth"))
                {
                    println "1.."
                    return true;
                }
                /*=====================================================================
                 * If no subject (user) and not auth controller
                 * then user must authenticate
                 *===================================================================*/
                if (!session.subject && !(controllerName.equals("auth")))
                {
                    println "2.."
                    params.targetUri = request.forwardURI
                    redirect(controller:'auth', action:'login', params: params)
                    return false;
                }
            }
            // Runs after every action, including auth/login itself: when the
            // Subject stored in the session exists but is not authenticated,
            // the login page is redirected back to auth/login, where this
            // closure runs again.
            after = {
                try
                {
                    println "3.."
                    if (!(session.subject.isAuthenticated()))
                    {
                        println "4.."
                        redirect(controller:'auth', action:'login', params: params)
                        return false;
                    }
                }
                catch(Exception e)
                {
                    println "5.."
                }
            }
        }
    }
}
This produces the following output
in login...
3..
4..
1..
in login...
3..
4..
1..
in login...
3..
4..
1..
So it looks like I have found my problem, but I'm not yet sure how to fix it.
Answer 0 (score: 0)
Removing the after action in the beforeFilter
after = {
    try
    {
        println "3.."
        if (!(session.subject.isAuthenticated()))
        {
            println "4.."
            redirect(controller:'auth', action:'login', params: params)
            return false;
        }
    }
    catch(Exception e)
    {
        println "5.."
    }
}
solved my problem. Now to get "remember me" working!
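For reference, here is one way to write the filter so that it cannot loop at all, as an added example that is not code from the question or the answer. It exempts the auth controller in a single place, asks Shiro for the current Subject through SecurityUtils.getSubject() instead of a copy stored in the HTTP session (the Subject bound to the request by the Shiro filter is the one whose login state is current), and has no after closure that could redirect the login page to itself. It assumes the Grails Shiro plugin and the same auth/login action names as above; the decision to require isAuthenticated() rather than accepting a merely remembered Subject is an assumption of this example, since a "remember me" cookie alone should not unlock pages that need a password-verified session. (The `data 52e` in the LDAP error above is Active Directory's invalid-credentials sub-code, so the catch branch of signIn is the expected path for a bad password.)

```groovy
import org.apache.shiro.SecurityUtils

// grails-app/conf/SecurityFilters.groovy (added example, not the poster's code)
class SecurityFilters {

    def filters = {

        baseFilter(controller: "*", action: "*") {
            before = {
                // Everything under the auth controller (index, login, signIn) must stay
                // reachable for anonymous users, otherwise the redirect target itself
                // gets redirected and the browser reports a redirect loop.
                if (controllerName == "auth") {
                    return true
                }

                // Thread-bound Subject set up by the Shiro filter for this request;
                // no need to copy it into the HTTP session in signIn.
                def subject = SecurityUtils.getSubject()

                // A Subject can be "remembered" (cookie) without being authenticated
                // (password checked in this session). Treat only the latter as logged in
                // (assumption for this app; relax to subject.isRemembered() if wanted).
                if (subject.isAuthenticated()) {
                    return true
                }

                // Carry only the original URI to the login page, not every request
                // parameter, and stop processing so the protected action never runs.
                redirect(controller: "auth", action: "login",
                         params: [targetUri: request.forwardURI])
                return false
            }
            // Deliberately no 'after' closure: a filter that redirects after the
            // login action has rendered would send auth/login back to auth/login.
        }
    }
}
```

With this filter the `request.getSession().setAttribute("subject", subject)` lines in signIn become unnecessary, because the filter never reads `session.subject`; dropping them also avoids keeping a non-serializable Shiro Subject in the session store.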