Authentication against database using shiro 1.2.1

Question

I am using Apache Shiro in my project. Currently I am using 1.1.0 version and now I am trying to migrate Shiro components to latest version 1.2.1. But when I try to do user authentication against a db it not working for some reason and I am not getting any errors but authentication is not happening.

Following are the database details I had given in shiro.ini file.

[main]
cacheManager = com.cacheManager.ShiroCacheManager
securityManager.cacheManager = $cacheManager

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm

jdbcRealm.authenticationQuery = select user_pass from users where user_name = ?
jdbcRealm.userRolesQuery = select role_name from user_roles where user_name = ?

ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = 192.168.0.75
ds.port  = 3306
ds.user = test
ds.databaseName = appfuse
jdbcRealm.dataSource = $ds

But still it is not hitting the database. I am using tomcat server and trying to use guice and shiro integration example...

Any help in this regard is really appreciated and thanks in advance for your help!

Thanks & Regards,
Gupta Katakam

Answer 1

If you are using Spring than use this

create database accessdb

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login" />
    <property name="successUrl" value="/homePage" />
    <property name="unauthorizedUrl" value="/unauthorized" />
    <property name="filters">
        <util:map>
            <entry key="authc">
                <bean class="org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter" />
            </entry>
        </util:map>
    </property>
    <property name="filterChainDefinitions">
        <value>
            /favicon.ico = anon
            /assets/** = anon
            /** = authc
        </value>
    </property>
</bean>

<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache.xml"></property>
</bean>

<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="cacheManager" ref="shiroCacheManager" />
    <property name="realm" ref="myRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

<bean id="myRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
    <property name="dataSource" ref="shiroDatasource" />
    <property name="permissionsLookupEnabled" value="true" />
</bean>

<bean class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close" id="shiroDatasource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url"
        value="jdbc:mysql://localhost:3306/accessdb?autoReconnect=true&amp;zeroDateTimeBehavior=convertToNull" />
    <property name="username" value="username" />
    <property name="password" value="passwor" />
    <property name="validationQuery" value="SELECT 1" />
</bean>

Answer 2

There are a number of things different between 1.1 and 1.2 that may affect your problem... here's the one I think is most likely

• SHIRO-178 shiro.ini should now be in the WEB-INF folder. Did you move yours?

Also, there are a number of authentication related changes:

1. SHIRO-23 Integrating Jsecurity with Guice
2. SHIRO-213 Password and hash management
3. SHIRO-279 Create a simple command line utility to hash passwords
4. SHIRO-280 Create a PasswordService to automate user password management techniques
5. SHIRO-287 Enable web-configured SecurityManager to be statically accessible for non-request threads

I think it's the first one, but the entire list of release notes can be found here for 1.2.0 and here for 1.2.1