shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maarten Bosteels <mbosteels....@gmail.com>
Subject Re: web.xml configuration error
Date Wed, 13 May 2009 17:54:03 GMT
Hello Altuğ,

You can find some samples and other useful code here:
https://wicket-stuff.svn.sourceforge.net/svnroot/wicket-stuff/trunk/wicketstuff-core/ki-security/

regards
Maarten

On Wed, May 13, 2009 at 7:21 PM, Altuğ B. Altıntaş <altuga@gmail.com> wrote:

> I think I found the problem.
> I replaced the filters order.
>
> First  order - Apache Ki filter
> Second order - Wicket Filter
>
> now It works !
>
> Great.
>
>
>
> 2009/5/13 Altuğ B. Altıntaş <altuga@gmail.com>
>
> Hi Les;
>> Yes i 've already defined the filter, my complete web.xml file :
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE web-app
>>       PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>>       "http://java.sun.com/dtd/web-app_2_3.dtd">
>>
>> <web-app>
>>     <display-name>Dodod</display-name>
>>     <filter>
>>         <filter-name>DododUrl</filter-name>
>>
>>  <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class>
>>         <init-param>
>>             <param-name>applicationClassName</param-name>
>>             <param-value>com.dodod.web.DododUygulamasi</param-value>
>>         </init-param>
>>     </filter>
>>
>>     <filter>
>>         <filter-name>KiFilter</filter-name>
>>         <filter-class>org.apache.ki.web.servlet.KiFilter</filter-class>
>>         <init-param>
>>             <param-name>config</param-name>
>>             <param-value>
>>
>>                 # The KiFilter configuration is very powerful and
>> flexible, while still remaining succinct.
>>                 # Please read the comprehensive example, with full
>> comments and explanations, in the JavaDoc:
>>                 #
>>                 #
>> http://ki.apache.org/api/org/apache/ki/web/servlet/KiFilter.html
>>
>>                 [main]
>>
>>                 myRealm  = com.dodod.security.MyRealm
>>
>>                 [filters]
>>                 ki.loginUrl = /login
>>                 authc.successUrl = /
>>
>>                 [urls]
>>                 # The /login.jsp is not restricted to authenticated users
>> (otherwise no one could log in!), but
>>                 # the 'authc' filter must still be specified for it so it
>> can process that url's
>>                 # login submissions. It is 'smart' enough to allow those
>> requests through as specified by the
>>                 # ki.loginUrl above.
>>                 /login = authcBasic
>>
>>
>>             </param-value>
>>         </init-param>
>>     </filter>
>>
>>
>>
>>     <filter-mapping>
>>         <filter-name>DodoUrl</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>
>>    <filter-mapping>
>>         <filter-name>KiFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>
>>
>> </web-app>
>>
>>
>>
>>
>>
>>
>> The same exception occurs :
>>
>> Caused by: java.lang.IllegalStateException: No SecurityManager accessible
>> to this method, either bound to the org.apache.ki.util.ThreadContext or as a
>> vm static singleton.  See the org.apache.ki.SecurityUtils.getSubject()
>> method JavaDoc for an explanation of expected environment configuration.
>>         at org.apache.ki.SecurityUtils.getSubject(SecurityUtils.java:79)
>>
>> jar files that i am using
>>
>> ki-core-1.0-incubating-SNAPSHOT.jar
>> ki-web-1.0-incubating-SNAPSHOT.jar
>> commons-logging-1.0.3.jar
>> commons-beanutils-1.7.0.jar
>>
>> Thanks.
>>
>> 2009/5/13 Les Hazlewood <lhazlewood@apache.org>
>>
>> Hi Altuğ,
>>>
>>> You don't need the two lines defining the SecurityManager - that is done
>>> by default.
>>>
>>> Other than that, this looks ok.  Did you ensure that you set up a filter
>>> mapping to ensure the Filter intercepts that url (or set of urls)?
>>>
>>> For example:
>>>
>>> <filter-mapping>
>>>     <filter-name>KiFilter</filter-name>
>>>     <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> Cheers,
>>>
>>> Les
>>>
>>>
>>> On Wed, May 13, 2009 at 7:09 AM, Altuğ B. Altıntaş <altuga@gmail.com>wrote:
>>>
>>>> Hi all;
>>>> I am using wicket and i need a security framework at that point  Apache
>>>> ki seems ok to me.
>>>>
>>>> First i am getting this error message :
>>>>
>>>> No SecurityManager accessible to this method, either bound to the
>>>> org.apache.ki.util.ThreadContext or as a vm static singleton.  See the
>>>> org.apache.ki.SecurityUtils.getSubject() method JavaDoc for an explanation
>>>> of expected environment configuration.
>>>>
>>>> When i do this :
>>>>
>>>>  UsernamePasswordToken token = new UsernamePasswordToken(email ,
>>>> password);
>>>>   token.setRememberMe(true);
>>>>
>>>>   Subject currentUser = SecurityUtils.getSubject();
>>>>   try {
>>>>             currentUser.login(token); // throws above exception
>>>>   catch(....) {
>>>>    .....
>>>>    }
>>>>
>>>> Here is my web.xml
>>>>
>>>>  <filter>
>>>>         <filter-name>KiFilter</filter-name>
>>>>         <filter-class>org.apache.ki.web.servlet.KiFilter</filter-class>
>>>>         <init-param>
>>>>             <param-name>config</param-name>
>>>>             <param-value>
>>>>                 securityManager =
>>>> org.apache.ki.web.DefaultWebSecurityManager
>>>>
>>>>                 securityManager.sessionMode = http
>>>>                 # The KiFilter configuration is very powerful and
>>>> flexible, while still remaining succinct.
>>>>                 # Please read the comprehensive example, with full
>>>> comments and explanations, in the JavaDoc:
>>>>                 #
>>>>                 #
>>>> http://ki.apache.org/api/org/apache/ki/web/servlet/KiFilter.html
>>>>
>>>>                 [main]
>>>>
>>>>                 myRealm  = com.dodod.security.MyRealm
>>>>
>>>>                 [filters]
>>>>                 ki.loginUrl = /login
>>>>                 authc.successUrl = /
>>>>
>>>>                 [urls]
>>>>                 # The /login.jsp is not restricted to authenticated
>>>> users (otherwise no one could log in!), but
>>>>                 # the 'authc' filter must still be specified for it so
>>>> it can process that url's
>>>>                 # login submissions. It is 'smart' enough to allow those
>>>> requests through as specified by the
>>>>                 # ki.loginUrl above.
>>>>                 /login= authcBasic
>>>>
>>>>
>>>>             </param-value>
>>>>         </init-param>
>>>>     </filter>
>>>>
>>>> I  wrote my own com.dodod.security.MyRealm class which
>>>> extends AuthorizingRealm and overrides doGetAuthenticationInfo
>>>> and doGetAuthorizationInfo methods.
>>>>
>>>> What is wrong ?
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Altuğ.
>>>>
>>>
>>>
>>
>>
>> --
>> Altuğ.
>>
>
>
>
> --
> Altuğ.
>

Mime
View raw message