我尝试在我的项目上使用Apache Shiro进行身份验证,但是没有成功。我找不到麻烦在哪里。只要有人直接访问页面/pages/principal/products.xhtml,选择要购买的产品,然后将其重定向到/purchase.xhtml即可完成购买,但在我这种情况下,我尝试的所有请求都将重定向到/login.xhtml页面。有没有人有什么建议?下面的代码。谢谢!
shiro.ini
[main]
authc.loginUrl = /login.xhtml
authc.successUrl = /index.xhtml
[users]
admin@faces.com = adminfaces, admin
user@faces.com = user, customer
[roles]
admin = *
customer = purchases
[urls]
/index.xhtml = anon
/pages/principal/products = anon
/login.xhtml = authc
/javax.faces.resource/** = anon
/logout = logout
/pages/purchase/** = authc
/protected/** = authc, roles[admin]
web.xml
...
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
...
答案 0 :(得分:0)
我的猜测是您需要更改行:
/pages/principal/products = anon至/pages/principal/products.xhtml = anon
您也许也可以使用permissive过滤器
答案 1 :(得分:0)
我能够解决我的麻烦。我正在使用redhat PicketLink解决方案。它使用流畅的Java语言来配置安全路径,并且学习曲线较低。我正在考虑将Apache Shiro作为安全性的绝佳API,但是我有一点时间来学习它。感谢@Brian Demers的帮助。