Reputation: 171
I'm trying a tutorial on how to create a login for only the admin using Shiro. I got stuck while doing the Shiro configurations. I have only two pages: an admin page and a main login page for the admin.
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:web="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
    <display-name>LoginTutorial</display-name>
    <filter>
        <filter-name>shiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.iniShiroFilter</filter-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>
                [main]
                realm =
                securityManager.realm = $realm
                authc.loginUrl = /loginpage.jsp
                [user]
                Admin = password,ROLE_ADMIN
                [roles]
                ROLE_ADMIN = *
                [url]
                <!--/account/** =authc-->
                /adminpage = roles[ROLE_ADMIN]
            </param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/</url-pattern>
    </filter-mapping>
    ...
</web-app>
Upvotes: 3
Views: 3667
Reputation: 121
Are you using the Spring framework? Normally, you should define the Shiro filter in Web.xml and initialize Shiro components in applicationContext.xml (as beans).
You can, for instance, do as follows:
Web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:web="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
    <display-name>LoginTutorial</display-name>
    <!-- Shiro filter-->
    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        <init-param>
            <param-name>targetFilterLifecycle</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    ...
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:couchdb="http://www.ektorp.org/schema/couchdb"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.ektorp.org/schema/couchdb
           http://www.ektorp.org/schema/couchdb/couchdb.xsd
           http://www.springframework.org/schema/util
           http://www.springframework.org/schema/util/spring-util-3.0.xsd">
    <!-- Scans within the base package of the application for @Components to configure as beans -->
    <!-- Apache Shiro customized classes are defined in the package com.example.shiro -->
    <context:component-scan base-package="com.example.shiro" />
    ...
    <!-- Shiro filter -->
    <bean id="ShiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="filters">
            <util:map>
                <entry key="myAuthcBasic">
                    <bean class="org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter"/>
                </entry>
            </util:map>
        </property>
        <property name="filterChainDefinitions">
            <value>
                /safe/** = myAuthcBasic
            </value>
        </property>
    </bean>
    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
        <!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
        <property name="realm" ref="StaticRealm"/>
        <property name="cacheManager" ref="cacheManager"/>
        <!-- By default the servlet container sessions will be used. Uncomment this line
             to use shiro's native sessions (see the JavaDoc for more): -->
        <!-- <property name="sessionMode" value="native"/> -->
    </bean>
    <bean id="cacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager">
        <!--property name="cacheManager" ref="ehCacheManager" /-->
    </bean>
    <!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
    <!-- StaticRealm: -->
    <bean id="StaticRealm" class="com.example.shiro.StaticRealm">
        <property name="credentialsMatcher" ref="credMatcher"/>
    </bean>
    <bean id="credMatcher" class="com.example.shiro.ReverseCredentialsMatcher"/>
    ...
Upvotes: 4
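A pre-deployment check for two naming slips a hand-written Shiro web.xml can carry: a filter-mapping whose filter-name does not exactly match a declared filter, and an inline INI section header other than [main], [users], [roles] or [urls]. This is an added example, not code from either post; `lint_web_xml`, `SAMPLE` and the assumption that Shiro applies no rules from sections under other names belong to this example.

```python
import re
import xml.etree.ElementTree as ET

# Section names documented for Shiro's INI format. Assumption of this check:
# rules under any other header (e.g. [url]) are never applied by Shiro.
SHIRO_SECTIONS = {"main", "users", "roles", "urls"}

def _text(el, name):
    """Text of the first child called `name`, ignoring XML namespaces."""
    for child in el:
        if child.tag.rsplit("}", 1)[-1] == name:
            return "".join(child.itertext()).strip()
    return ""

def _all(root, name):
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def lint_web_xml(xml_text):
    """Return findings for filter names and inline Shiro INI in a web.xml."""
    root, declared, findings = ET.fromstring(xml_text), set(), []
    for flt in _all(root, "filter"):
        declared.add(_text(flt, "filter-name"))
        for param in _all(flt, "init-param"):
            if _text(param, "param-name") == "config":
                ini = _text(param, "param-value")
                for sec in re.findall(r"^[ \t]*\[(.+)\][ \t]*$", ini, flags=re.M):
                    if sec not in SHIRO_SECTIONS:
                        findings.append(f"unknown INI section [{sec}]")
    for mapping in _all(root, "filter-mapping"):
        name = _text(mapping, "filter-name")
        if name not in declared:  # exact, case-sensitive comparison
            findings.append(f"filter-mapping '{name}' has no matching <filter>")
    return findings

# Constructed sample modelled on the question's web.xml.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
<filter><filter-name>shiroFilter</filter-name><init-param>
<param-name>config</param-name><param-value>
[main]
authc.loginUrl = /loginpage.jsp
[user]
Admin = password,ROLE_ADMIN
[url]
/adminpage = roles[ROLE_ADMIN]
</param-value></init-param></filter>
<filter-mapping><filter-name>ShiroFilter</filter-name></filter-mapping></web-app>"""

if __name__ == "__main__":
    print("\n".join(lint_web_xml(SAMPLE)))
```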