shiro-user mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Redirect after successful login
Date Wed, 18 Apr 2012 21:38:54 GMT
Hi there,

The FormAuthenticationFilter performs the login for you.  If you want
to control the login yourself, via your own MVC framework, e.g. JSF,
you need to let the request pass through to your underlying MVC
controller and/or page.  To do this, you'll need to change the 'authc'
filter to be a PassThruAuthenticationFilter.  (If helpful, you can
read about this in the FormAuthenticationFilter [1] and
PassThruAuthenticationFilter [2] JavaDoc).

Example:

[main]
...
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
# set the loginUrl/successUrl/unauthorizedUrl as desired

The one trick however, is that since you are executing the
authentication attempt in your controller/page yourself, you are
responsible for redirecting the user back to their originally
requested page.

For example:

// login() is an instance method, so obtain the current Subject first
SecurityUtils.getSubject().login(authcToken);
WebUtils.redirectToSavedRequest(request, response, fallbackUrl);

where 'fallbackUrl' is a URL to redirect them to in case there is no
saved request.

[1] http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html
[2] http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/PassThruAuthenticationFilter.html

HTH!

Best,

--
Les Hazlewood
CTO, Stormpath | http://www.stormpath.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
blog: http://leshazlewood.com
stormpath blog: http://www.stormpath.com/blog

On Wed, Apr 18, 2012 at 2:14 PM, tarka <info@tarka.tv> wrote:
> I'm new to Shiro and I'm developing a pretty standard web app. For some
> reason I am having problems with the post login URL. All I am trying to
> achieve is;
>
> 1. If a resource was requested directly that post login the original request
> is completed
> 2. If no specific resource is requested (i.e. they just request the login
> page) they are redirected to a specific url.
>
> The documentation that I've read suggests that this functionality should be
> available pretty much out of the box. Unfortunately neither of these
> features are working for me! Regardless of what resource is requested, post
> successful login the user is simply redirected back to the login page. At
> first I didn't think the authentication process was working but I placed a
> conditional render on the login page and it's working fine, it's just not
> redirecting the user.
>
> In my shiro.ini file I have specified an "authc.successUrl =
> /postLoginPage.jsf" as I assume this is the URL that should be returned if
> no 'original URL' was requested to trigger the authentication. I am using
> JSF with the standard JdbcRealm and a custom passwordMatcher.
>
> My Shiro.ini file:
>
> # This is the core shiro configuration file
>
> [main]
> # JDBC Database connection used for authentication
> jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
> jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ?
> jdbcRealm.userRolesQuery = SELECT role FROM roles WHERE username = ?
> jdbcRealm.permissionsQuery = SELECT role_permission FROM roles WHERE role_name = ?
>
> ds = com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource
> ds.url=jdbc:mysql://***.***.*.**:3306
> ds.user = *********
> ds.password = *************
> jdbcRealm.dataSource=$ds
>
>
> # Using default form based security filter
> org.apache.shiro.web.filter.authc.FormAuthenticationFilter
> authc.loginUrl = /login.jsf
>
> # Redirect after successful login
> authc.successUrl = /postLoginPage.jsf
>
> # Redirect to an access denied page if user does not have access rights
> roles.unauthorizedUrl = /error/accessDenied.jsf
>
>
> # PasswordMatcher and PasswordService are used to match password hash during authentication
> passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
> passwordMatcher = tv.tarka.security.PasswordMatcherExtension
> passwordMatcher.passwordService = $passwordService
> jdbcRealm.credentialsMatcher = $passwordMatcher
>
>
> # URLs that require access control with the authorised roles
> [urls]
> /admin/** = authc, roles[ROLE_ADMIN]
> /account/** = authc, roles[ROLE_USER]
> /login.jsf = ssl[8181],authc
>
>
> And my login():
>
>    public void login() {
>
>        if (!SecurityUtils.getSubject().isAuthenticated()) {
>            try {
>                UsernamePasswordToken userToken = new UsernamePasswordToken(name, password);
>                userToken.setRememberMe(rememberMe);
>                SecurityUtils.getSubject().login(userToken);
>            } catch (UnknownAccountException uae) {
>                JsfUtil.addErrorMessage(uae, ResourceBundle.getBundle("/Bundle").getString("AuthenticationUnknownAccount"));
>            } catch (IncorrectCredentialsException ice) {
>                JsfUtil.addErrorMessage(ice, ResourceBundle.getBundle("/Bundle").getString("AuthenticationIncorrectCredentials"));
>            } catch (LockedAccountException lae) {
>                JsfUtil.addErrorMessage(lae, ResourceBundle.getBundle("/Bundle").getString("AuthenticationLockedAccount"));
>            } catch (ExcessiveAttemptsException eae) {
>                JsfUtil.addErrorMessage(eae, ResourceBundle.getBundle("/Bundle").getString("AuthenticationExcessiveAttempts"));
>            } catch (AuthenticationException ae) {
>                JsfUtil.addErrorMessage(ae, ResourceBundle.getBundle("/Bundle").getString("AuthenticationFailed"));
>            } catch (Exception ex) {
>                JsfUtil.addErrorMessage(ex, ResourceBundle.getBundle("/Bundle").getString("AuthenticationError"));
>            }
>        }
>
>
>    }
>
>
> Thanks
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Redirect-after-successful-login-tp7478727p7478727.html
> Sent from the Shiro User mailing list archive at Nabble.com.
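
Added example, not part of either message in this thread: a JSF backing bean that performs the login itself behind a PassThruAuthenticationFilter and then calls WebUtils.redirectToSavedRequest, as the reply describes. The class name LoginBean, the javax.* (Java EE era) imports, the single generic failure message and the managed-bean registration are assumptions; the fallback URL reuses the successUrl value from the quoted shiro.ini.

```java
import java.io.IOException;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical request-scoped managed bean; assumes shiro.ini maps 'authc' to
// PassThruAuthenticationFilter so the POST to /login.jsf reaches this method.
public class LoginBean {
    // Used only when the session holds no saved request.
    private static final String FALLBACK_URL = "/postLoginPage.jsf";
    private String name, password;
    private boolean rememberMe;
    public void login() throws IOException {
        FacesContext faces = FacesContext.getCurrentInstance();
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            UsernamePasswordToken token = new UsernamePasswordToken(name, password);
            token.setRememberMe(rememberMe);
            try {
                subject.login(token);
            } catch (AuthenticationException ae) {
                // One generic message for every failure type; no redirect, stay on the login page.
                faces.addMessage(null,
                        new FacesMessage(FacesMessage.SEVERITY_ERROR, "Login failed", null));
                return;
            } finally {
                token.clear();   // wipe the credentials held by the token
                password = null; // and the copy bound from the form
            }
        }
        // The target is the request Shiro saved in the session when it bounced the
        // user to the login page, not a URL taken from a request parameter.
        Object req = faces.getExternalContext().getRequest(), res = faces.getExternalContext().getResponse();
        WebUtils.redirectToSavedRequest((ServletRequest) req, (ServletResponse) res, FALLBACK_URL);
        faces.responseComplete(); // the redirect is the response; skip JSF rendering
    }
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
    public boolean isRememberMe() { return rememberMe; }
    public void setRememberMe(boolean rememberMe) { this.rememberMe = rememberMe; }
}
```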
