我尝试将Apache Shiro设置为JSF 2页面。 我想保护page1但是我可以在没有登录的情况下从未受保护的home.xhtml到达它。 从带有重定向的page1.xhtml,我到了loginpage.xhtml。 (如定义)
如果登录则工作正常。
它看起来不是目标,而是'来自'页面受到监督。 如何修改shiro.ini进行设置 home.xhtml无需登录即可使用和page1.xhtml没有登录时无法使用?
[main]
authc.loginUrl = /faces/loginpage.xhtml
//authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter - It was the same without REM
securityManager.rememberMeManager.cookie.name = demoRememberMe
[users]
a = q
[roles]
a = *
[urls]
/home.xhtml = anon
/loginpage.xhtml = authc
/page1.xhtml = authc
/protected.xhtml = authc
/faces/home.xhtml = anon
/faces/loginpage.xhtml = authc
/faces/page1.xhtml = authc
/faces/protected.xhtml = authc
/** = anon
home.xhtml:
<h:commandButton action="#{navigationController.moveToPage1}" value="Page 1" >
page1.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html">
<h:head>
<title>BEMO - Page 1</title>
<h:outputStylesheet library="css" name="styles.css" />
</h:head>
<h:form>
<h:commandButton action="home?faces-redirect=true"
value="Back To Home Page" />
</h:form>
</h:body>
</html>
的web.xml:
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>