Shiro redirecting to login page after successful login when added Hazlecast


Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Hello,
I was able to successfully login with Shiro and do all the actions associated with that user.

At that point, the shiro.ini below did not yet contain the following lines:
# use native session management so we can configure our own session clustering:
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
# We have configured Hazelcast to enforce a TTL for the activeSessions Map. No need for Shiro to invalidate!
sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager
 
# Configure Hazelcast as our Shiro CacheManager. Adding session capacity is as easy as adding Hazelcast nodes!
cacheManager = org.apache.shiro.hazelcast.cache.HazelcastCacheManager
securityManager.cacheManager = $cacheManager

After I added Shiro Hazelcast, Shiro redirects back to the login page every time a user logs in.

JSF + Primefaces + JPA + JBoss 7.1

shiro.ini
------------
[main]
# set custom authenticator
authenticator = gov.ga.sbwc.icms.core.auth.realm.MultiTenantAuthenticator
securityManager.authenticator = $authenticator

# set custom authorizer
authorizer = gov.ga.sbwc.icms.core.auth.realm.MultiTenantAuthorizer
securityManager.authorizer = $authorizer

# Set Authentication Strategy
#authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy

# set JPA Realm
jpaRealm = gov.ga.sbwc.icms.core.auth.realm.JpaRealm
jpaRealm.authorizationCachingEnabled = false

# set LDAP Realm
ldapRealm = gov.ga.sbwc.icms.core.auth.realm.LdapRealm
ldapRealm.authorizationCachingEnabled = false

# Set the order in which the Realm are initiated
securityManager.realms = $jpaRealm, $ldapRealm
#securityManager.authenticator.authenticationStrategy = $authcStrategy

# Configure JPA realm password hashing.
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jpaRealm.credentialsMatcher = $passwordMatcher

# use native session management so we can configure our own session clustering:
# NOTE(review): with native sessions Shiro, not the servlet container, owns the session and its
# cookie. Code that reads the container HttpSession outside the Shiro filter chain will presumably
# not see the Shiro session - confirm the order of the servlet filters.
# NOTE(review): sessions kept in a distributed cache are serialized. Session attributes and any
# custom Session subclass must serialize and deserialize completely, otherwise the stored
# principals and authenticated flag can be lost between requests.
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
# We have configured Hazelcast to enforce a TTL for the activeSessions Map. No need for Shiro to invalidate!
# NOTE(review): with the validation scheduler off, stale session records are only removed by the
# Hazelcast map's TTL. Confirm the TTL is set on the map Shiro actually uses for active sessions,
# not only on a differently named map.
sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager
 
# Configure Hazelcast as our Shiro CacheManager. Adding session capacity is as easy as adding Hazelcast nodes!
cacheManager = org.apache.shiro.hazelcast.cache.HazelcastCacheManager
securityManager.cacheManager = $cacheManager

# Unauthenticated requests stopped by the user filter are sent to this page.
user.loginUrl = /pages/public/login/login.xhtml

# roles filter: redirect to error page if user does not have access rights
roles.unauthorizedUrl = /pages/errorpages/accessdenied.xhtml

[urls]
# enable authc filter for all application pages
# NOTE(review): the rules below use the user filter, not authc. The user filter also admits
# remembered (remember-me) subjects, for which Subject.isAuthenticated() is false - confirm this
# matches any application code that checks isAuthenticated().
# Patterns are evaluated top to bottom and the first match wins, so the login page rule has to
# stay above the broader /pages/public/** rule.
/pages/public/login/login.xhtml = user
/pages/public/** = anon
/logout = logout
/pages/forms/** = user
/pages/external/** = user
/pages/internal/** = user
/pages/common/** = user

Custom Filter
----------------
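/**
 * Servlet filter that admits a request when the caller is authenticated with Shiro, or when the
 * request targets the login, recovery, registration or captcha page or a JSF resource. Any other
 * request is sent to the login page (as a JSF partial-response redirect for ajax requests).
 *
 * <p>NOTE(review): {@link #isLoggedIn()} depends on {@code SecurityUtils.getSubject()} and the
 * session test uses {@code request.getSession(false)}. With Shiro native session management both
 * presumably only reflect the logged-in user when this filter runs inside the ShiroFilter chain;
 * confirm the filter order in web.xml.
 *
 * <p>NOTE(review): the page and resource checks compare the raw request URI, which the servlet
 * API returns undecoded. Confirm that dot-segments or path parameters cannot make a protected
 * page match the resource prefix, and keep the Shiro URL rules as the authoritative access
 * control.
 */
public class IcmsFilter implements Filter {

        /** JSF partial-response body that tells the JSF ajax client to navigate to the given URL. */
        private static final String AJAX_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";

        /** Cache lifetime sent for static resources, in seconds (86400 * 30). */
        private static final long MAX_AGE_SECONDS = 86400 * 30;

        /** Fully qualified so that no new import is needed in this file. */
        private static final java.util.logging.Logger LOG =
                java.util.logging.Logger.getLogger(IcmsFilter.class.getName());

        @Override
        public void init(FilterConfig config) throws ServletException {
                // Nothing to initialise.
        }

        /**
         * Decides whether the request may continue down the chain.
         *
         * @param req   incoming request; cast to {@code HttpServletRequest}
         * @param res   outgoing response; cast to {@code HttpServletResponse}
         * @param chain remaining filters and the target resource
         * @throws IOException      if writing the redirect or error response fails
         * @throws ServletException declared by the interface; failures inside the chain are
         *                          logged and answered with a redirect to the login page
         */
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
                HttpServletResponse response = (HttpServletResponse) res;
                HttpServletRequest request = (HttpServletRequest) req;
                String contextPath = request.getContextPath();
                String pagePrefix = contextPath + "/";
                String loginURL = pagePrefix + IcmsConstants.LOGIN_PAGE;

                try {
                        HttpSession session = request.getSession(false);
                        String uri = request.getRequestURI();

                        boolean loggedIn = session != null && isLoggedIn();
                        boolean loginRequest = uri.equals(loginURL);
                        boolean resourceRequest = uri.startsWith(contextPath + ResourceHandler.RESOURCE_IDENTIFIER + "/");
                        boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request"));
                        boolean recoveryRequest = uri.equals(pagePrefix + IcmsConstants.ID_RECOVERY_PAGE)
                                || uri.equals(pagePrefix + IcmsConstants.PASSWORD_RECOVERY_PAGE);
                        boolean registerRequest = uri.equals(pagePrefix + IcmsConstants.TERMS_CONDITIONS_PAGE)
                                || uri.equals(pagePrefix + IcmsConstants.REGISTER_PAGE);
                        boolean captchaRequest = uri.equals(pagePrefix + IcmsConstants.SIMPLE_CAPTCHA_PAGE);

                        if (loggedIn || loginRequest || resourceRequest || recoveryRequest || registerRequest || captchaRequest) {
                                if (!resourceRequest) {
                                        // Prevent browser from caching restricted resources.
                                        // See also http://stackoverflow.com/q/4194207/157882
                                        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                                        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                                        response.setDateHeader("Expires", 0); // Proxies.
                                } else if (uri.contains(".js") || uri.contains(".css") || uri.contains(".svg") || uri.contains(".gif")
                                        || uri.contains(".woff") || uri.contains(".png")) {
                                        // Static assets may be cached by the browser.
                                        response.setHeader("Cache-Control", "max-age=" + MAX_AGE_SECONDS);
                                }
                                chain.doFilter(request, response);
                        } else if (ajaxRequest) {
                                // Return the special XML response instructing JSF ajax to send a redirect.
                                response.setContentType("text/xml");
                                response.setCharacterEncoding("UTF-8");
                                response.getWriter().printf(AJAX_REDIRECT_XML, loginURL);
                        } else {
                                response.sendRedirect(loginURL);
                        }
                } catch (FileNotFoundException e) {
                        // sendError on a committed response would throw IllegalStateException.
                        if (!response.isCommitted()) {
                                response.sendError(HttpServletResponse.SC_NOT_FOUND, request.getRequestURI());
                        }
                } catch (Exception e) {
                        redirectToLoginAfterFailure(response, loginURL, e);
                }
        }

        @Override
        public void destroy() {
                // Nothing to release.
        }

        /**
         * Reports whether the current Shiro subject is authenticated.
         *
         * @return {@code true} only when a subject is available and authenticated; {@code false}
         *         when it is not, or when the subject could not be obtained (fails closed)
         */
        public boolean isLoggedIn() {
                try {
                        Subject currentUser = SecurityUtils.getSubject();
                        return currentUser != null && currentUser.isAuthenticated();
                } catch (Exception ex) {
                        // Log instead of hiding the cause: a failure here looks exactly like
                        // "user is not logged in" from the outside.
                        LOG.log(java.util.logging.Level.WARNING,
                                "Could not determine the Shiro authentication state; treating the request as unauthenticated", ex);
                        return false;
                }
        }

        /** Logs a failure from the filter chain and redirects to the login page if still possible. */
        private static void redirectToLoginAfterFailure(HttpServletResponse response, String loginURL, Exception cause)
                        throws IOException {
                LOG.log(java.util.logging.Level.WARNING, "Request processing failed; redirecting to the login page", cause);
                // A redirect can no longer be sent once the response is committed.
                if (!response.isCommitted()) {
                        response.sendRedirect(loginURL);
                }
        }
}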

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
If you haven't already seen this take a look at this blog/example:

If I had to guess I would say your cache is out of sync between nodes?

On Wed, Jun 7, 2017 at 12:27 PM, trinadhm <[hidden email]> wrote:
Hello,
I was able to successfully login with Shiro and do all the actions
associated with that user.

In the below shiro.in, I do not configured below:
# use native session management so we can configure our own session
clustering:
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
# We have configured Hazelcast to enforce a TTL for the activeSessions Map.
No need for Shiro to invalidate!
sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager

# Configure Hazelcast as our Shiro CacheManager. Adding session capacity is
as easy as adding Hazelcast nodes!
cacheManager = org.apache.shiro.hazelcast.cache.HazelcastCacheManager
securityManager.cacheManager = $cacheManager

When I tried to add Shiro Hazlecast, every time user login shiro redirecting
back to login page.

JSF + Primefaces + JPA + JBoss 7.1

shiro.ini
------------
[main]
# set custom authenticator
authenticator = gov.ga.sbwc.icms.core.auth.realm.MultiTenantAuthenticator
securityManager.authenticator = $authenticator

# set custom authorizer
authorizer = gov.ga.sbwc.icms.core.auth.realm.MultiTenantAuthorizer
securityManager.authorizer = $authorizer

# Set Authentication Strategy
#authcStrategy = org.apache.shiro.authc.pam.FirstSuccessfulStrategy

# set JPA Realm
jpaRealm = gov.ga.sbwc.icms.core.auth.realm.JpaRealm
jpaRealm.authorizationCachingEnabled = false

# set LDAP Realm
ldapRealm = gov.ga.sbwc.icms.core.auth.realm.LdapRealm
ldapRealm.authorizationCachingEnabled = false

# Set the order in which the Realm are initiated
securityManager.realms = $jpaRealm, $ldapRealm
#securityManager.authenticator.authenticationStrategy = $authcStrategy

# Configure JPA realm password hashing.
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordMatcher.passwordService = $passwordService
jpaRealm.credentialsMatcher = $passwordMatcher

# use native session management so we can configure our own session
clustering:
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
# We have configured Hazelcast to enforce a TTL for the activeSessions Map.
No need for Shiro to invalidate!
sessionManager.sessionValidationSchedulerEnabled = false
securityManager.sessionManager = $sessionManager

# Configure Hazelcast as our Shiro CacheManager. Adding session capacity is
as easy as adding Hazelcast nodes!
cacheManager = org.apache.shiro.hazelcast.cache.HazelcastCacheManager
securityManager.cacheManager = $cacheManager

user.loginUrl = /pages/public/login/login.xhtml

# roles filter: redirect to error page if user does not have access rights
roles.unauthorizedUrl = /pages/errorpages/accessdenied.xhtml

[urls]
# enable authc filter for all application pages
/pages/public/login/login.xhtml = user
/pages/public/** = anon
/logout = logout
/pages/forms/** = user
/pages/external/** = user
/pages/internal/** = user
/pages/common/** = user

Custom Filter
----------------
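/**
 * Servlet filter that admits a request when the caller is authenticated with Shiro, or when the
 * request targets the login, recovery, registration or captcha page or a JSF resource. Any other
 * request is sent to the login page (as a JSF partial-response redirect for ajax requests).
 *
 * <p>NOTE(review): {@link #isLoggedIn()} depends on {@code SecurityUtils.getSubject()} and the
 * session test uses {@code request.getSession(false)}. With Shiro native session management both
 * presumably only reflect the logged-in user when this filter runs inside the ShiroFilter chain;
 * confirm the filter order in web.xml.
 *
 * <p>NOTE(review): the page and resource checks compare the raw request URI, which the servlet
 * API returns undecoded. Confirm that dot-segments or path parameters cannot make a protected
 * page match the resource prefix, and keep the Shiro URL rules as the authoritative access
 * control.
 */
public class IcmsFilter implements Filter {

        /** JSF partial-response body that tells the JSF ajax client to navigate to the given URL. */
        private static final String AJAX_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";

        /** Cache lifetime sent for static resources, in seconds (86400 * 30). */
        private static final long MAX_AGE_SECONDS = 86400 * 30;

        /** Fully qualified so that no new import is needed in this file. */
        private static final java.util.logging.Logger LOG =
                java.util.logging.Logger.getLogger(IcmsFilter.class.getName());

        @Override
        public void init(FilterConfig config) throws ServletException {
                // Nothing to initialise.
        }

        /**
         * Decides whether the request may continue down the chain.
         *
         * @param req   incoming request; cast to {@code HttpServletRequest}
         * @param res   outgoing response; cast to {@code HttpServletResponse}
         * @param chain remaining filters and the target resource
         * @throws IOException      if writing the redirect or error response fails
         * @throws ServletException declared by the interface; failures inside the chain are
         *                          logged and answered with a redirect to the login page
         */
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
                HttpServletResponse response = (HttpServletResponse) res;
                HttpServletRequest request = (HttpServletRequest) req;
                String contextPath = request.getContextPath();
                String pagePrefix = contextPath + "/";
                String loginURL = pagePrefix + IcmsConstants.LOGIN_PAGE;

                try {
                        HttpSession session = request.getSession(false);
                        String uri = request.getRequestURI();

                        boolean loggedIn = session != null && isLoggedIn();
                        boolean loginRequest = uri.equals(loginURL);
                        boolean resourceRequest = uri.startsWith(contextPath + ResourceHandler.RESOURCE_IDENTIFIER + "/");
                        boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request"));
                        boolean recoveryRequest = uri.equals(pagePrefix + IcmsConstants.ID_RECOVERY_PAGE)
                                || uri.equals(pagePrefix + IcmsConstants.PASSWORD_RECOVERY_PAGE);
                        boolean registerRequest = uri.equals(pagePrefix + IcmsConstants.TERMS_CONDITIONS_PAGE)
                                || uri.equals(pagePrefix + IcmsConstants.REGISTER_PAGE);
                        boolean captchaRequest = uri.equals(pagePrefix + IcmsConstants.SIMPLE_CAPTCHA_PAGE);

                        if (loggedIn || loginRequest || resourceRequest || recoveryRequest || registerRequest || captchaRequest) {
                                if (!resourceRequest) {
                                        // Prevent browser from caching restricted resources.
                                        // See also http://stackoverflow.com/q/4194207/157882
                                        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                                        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                                        response.setDateHeader("Expires", 0); // Proxies.
                                } else if (uri.contains(".js") || uri.contains(".css") || uri.contains(".svg") || uri.contains(".gif")
                                        || uri.contains(".woff") || uri.contains(".png")) {
                                        // Static assets may be cached by the browser.
                                        response.setHeader("Cache-Control", "max-age=" + MAX_AGE_SECONDS);
                                }
                                chain.doFilter(request, response);
                        } else if (ajaxRequest) {
                                // Return the special XML response instructing JSF ajax to send a redirect.
                                response.setContentType("text/xml");
                                response.setCharacterEncoding("UTF-8");
                                response.getWriter().printf(AJAX_REDIRECT_XML, loginURL);
                        } else {
                                response.sendRedirect(loginURL);
                        }
                } catch (FileNotFoundException e) {
                        // sendError on a committed response would throw IllegalStateException.
                        if (!response.isCommitted()) {
                                response.sendError(HttpServletResponse.SC_NOT_FOUND, request.getRequestURI());
                        }
                } catch (Exception e) {
                        redirectToLoginAfterFailure(response, loginURL, e);
                }
        }

        @Override
        public void destroy() {
                // Nothing to release.
        }

        /**
         * Reports whether the current Shiro subject is authenticated.
         *
         * @return {@code true} only when a subject is available and authenticated; {@code false}
         *         when it is not, or when the subject could not be obtained (fails closed)
         */
        public boolean isLoggedIn() {
                try {
                        Subject currentUser = SecurityUtils.getSubject();
                        return currentUser != null && currentUser.isAuthenticated();
                } catch (Exception ex) {
                        // Log instead of hiding the cause: a failure here looks exactly like
                        // "user is not logged in" from the outside.
                        LOG.log(java.util.logging.Level.WARNING,
                                "Could not determine the Shiro authentication state; treating the request as unauthenticated", ex);
                        return false;
                }
        }

        /** Logs a failure from the filter chain and redirects to the login page if still possible. */
        private static void redirectToLoginAfterFailure(HttpServletResponse response, String loginURL, Exception cause)
                        throws IOException {
                LOG.log(java.util.logging.Level.WARNING, "Request processing failed; redirecting to the login page", cause);
                // A redirect can no longer be sent once the response is committed.
                if (!response.isCommitted()) {
                        response.sendRedirect(loginURL);
                }
        }
}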



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-redirecting-to-login-page-after-successful-login-when-added-Hazlecast-tp7581628.html
Sent from the Shiro User mailing list archive at Nabble.com.


Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Hi Brain,

I followed the same blog to add Shiro-Hazelcast to the existing application in order to cluster web sessions, and since then I am facing this issue of being redirected to the login page even after the user has successfully logged in using credentials. When I debugged it, the subject obtained from SecurityUtils.getSubject() always returns false for subject.isAuthenticated().

In my previous post I copied the shiro.ini and the custom filter for my frontend.

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
Does your setup work for a single application node?

On Thu, Jun 8, 2017 at 11:22 AM, trinadhm <[hidden email]> wrote:
Hi Brain,

Followed the same blog attached to add Shiro-Hazelcast to the existing
application to cluster web session, then I am facing this issue of
redirecting to login page even after user successfully logged in using
credentials. When I debugged the subject pulled as
SecurityUtils.getSubject(); always returning false for
subject.isAuthenticated().

I previous post I copied shiro.ini and CustomFilter for my frontend.



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-redirecting-to-login-page-after-successful-login-when-added-Hazlecast-tp7581628p7581632.html
Sent from the Shiro User mailing list archive at Nabble.com.


Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Currently I am trying on single node. Once it is success, I will deploy on another node.

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
In reply to this post by Brian Demers
Hi Brain,

I am able to log in successfully after changing the map name from "default" to "shiro-activeSessionCache". After login, when I click on any of the actions, I am taken back to the login page, because the subject returned by SecurityUtils.getSubject() always returns false for subject.isAuthenticated().

Re: Shiro redirecting to login page after successful login when added Hazlecast

cwittner
Were you able to figure this out? I am attempting to switch to using
HazelCast as the distributed cache service instead of zookeeper.

After authenticating through the authc filter subsequent calls to
SecurityUtils.getSubject() are not showing as authenticated.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Hi,

I was unable to fix it and moved on. We are not using Hazelcast or any other
software.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
How many nodes do you have?

On Mon, Nov 26, 2018 at 11:45 AM trinadhm <[hidden email]> wrote:
Hi,

I was unable to fix it and moved on. We are not using Hazelcast or any other
software.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
2 nodes with JBoss EAP 6.4.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
Is JBoss setting a session cookie? If so that might be the issue (as you want Shiro to manage the session)

On Mon, Nov 26, 2018 at 11:53 AM trinadhm <[hidden email]> wrote:
2 nodes with JBoss EAP 6.4.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

cwittner
I have a single node under tomcat and shiro is setting a session cookie. The session key is the same between requests. I did find that the authentication information is not being cached in hazelcast. The map under the realm cache name is empty. 

On Mon, Nov 26, 2018 at 8:58 AM Brian Demers <[hidden email]> wrote:
Is JBoss setting a session cookie? If so that might be the issue (as you want Shiro to manage the session)

On Mon, Nov 26, 2018 at 11:53 AM trinadhm <[hidden email]> wrote:
2 nodes with JBoss EAP 6.4.



--
Sent from: http://shiro-user.582556.n2.nabble.com/
--

Curtis Wittner
Senior Software Developer
Integrated Services, Inc.
[hidden email]
www.ints.com
P:800-252-3099 x 235
F:503-968-9100

Re: Shiro redirecting to login page after successful login when added Hazlecast

cwittner
I figured out my problem. My environment uses a custom session object that
extends SimpleSession. The attributes object was not being serialized or
deserialized  properly from the hazelcast objects. I copied the
SimpleSession readObject and writeObject logic into my custom class and the
hazelcast cache is working properly now.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
Thanks for the follow-up!

On Mon, Jan 7, 2019 at 5:19 PM cwittner <[hidden email]> wrote:
I figured out my problem. My environment uses a custom session object that
extends SimpleSession. The attributes object was not being serialized or
deserialized  properly from the hazelcast objects. I copied the
SimpleSession readObject and writeObject logic into my custom class and the
hazelcast cache is working properly now.



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
In reply to this post by cwittner
Hi cwittner,

I would like to use Hazelcast along with Shiro. Can you help out fixing this
issue?

How to identify the session key? What is the custom session object? Can you
provide me sample code?



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
This post is a little older, but take a look at this post: https://stormpath.com/blog/hazelcast-support-apache-shiro and let us know if that helps

On Mon, Feb 25, 2019 at 1:51 PM trinadhm <[hidden email]> wrote:
Hi cwittner,

I would like to use Hazelcast along with Shiro. Can you help out fixing this
issue?

How to identify the session key? What is the custom session object? Can you
provide me sample code?



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Thank you Brain. I was following the same documentation and configured
everything as explained
Somehow I was unable to make it work on single node. When I commented out
Filter, I was able to login.
Once login, if I try to click on any of the menu, it is taking me back to
login page.

I am using Spring + JSF 2 + Shiro + tomcat 8.5



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
Can you put together a reproduce sample and stick it on github?

On Mon, Feb 25, 2019 at 2:40 PM trinadhm <[hidden email]> wrote:
Thank you Brain. I was following the same documentation and configured
everything as explained
Somehow I was unable to make it work on single node. When I commented out
Filter, I was able to login.
Once login, if I try to click on any of the menu, it is taking me back to
login page.

I am using Spring + JSF 2 + Shiro + tomcat 8.5



--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

trinadhm
Brain,

I cannot put it together as this involves lot of components integrated.
I think I found an issue, but not sure how to fix. As I said earlier I am
using JSF 2 + Spring + Primefaces

When I log in the first time, the request passes through FacesAjaxAwareUserFilter
and I am redirected back to the login page. When I log in a second time, I am
taken to the home page, since that request did not pass through
FacesAjaxAwareUserFilter. Once logged in, if I click any action, the request
passes through FacesAjaxAwareUserFilter and takes me back to the login page.

I know how to configure in shiro.ini
user=web.filter.FacesAjaxAwareUserFilter
user.loginUrl=/pages/pub/lgn/login.xhtml

but in Spring not sure how to configure in above way


Spring Shiro configuration

<!-- Shiro web filter: wires the security manager, the login / success / unauthorized URLs,
     the custom "user" filter and the URL-to-filter chain definitions. -->
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager"/>
            <property name="loginUrl" value="/pages/pub/lgn/login.xhtml"/>
            <!-- NOTE(review): successUrl starts with /page/ while every other path in this bean
                 starts with /pages/. As written it is not covered by the /pages/sec/** rule
                 below; confirm whether this is a typo. -->
            <property name="successUrl" value="/page/sec/cmn/home.xhtml" />
            <property name="unauthorizedUrl"
value="/pages/sec/err/accessdenied.xhtml"/>
            <!-- Replaces Shiro's built-in "user" filter with the JSF-ajax-aware subclass. -->
            <property name="filters">
                <util:map>
                    <entry key="user" value-ref="userFilter"/>
                </util:map>
            </property>
            <!-- Chain definitions are evaluated top to bottom and the first match wins.
                 NOTE(review): noSessionCreation on the login page stops Shiro from creating a
                 session during requests to that URL. If the login form posts back to
                 login.xhtml, the authenticated state presumably cannot be stored in a session
                 and later requests would look unauthenticated; confirm.
                 NOTE(review): /rest/** is anon, so authentication and authorization for REST
                 endpoints has to be enforced elsewhere; confirm that it is. -->
            <property name="filterChainDefinitions">
                <value>
                /javax.faces.resource/** = noSessionCreation, anon
                /pages/pub/lgn/login.xhtml = noSessionCreation, anon
                                /pages/pub/** = anon
                                /logout = logout
                                /pages/sec/** = user
                                /rest/** = noSessionCreation, anon
                </value>
            </property>
        </bean>
        <bean id="userFilter" class="web.filter.FacesAjaxAwareUserFilter"/>

/**
 * {@code UserFilter} variant for JSF pages: a JSF ajax request that must be sent to the login
 * page receives a partial-response XML redirect, while every other request falls back to the
 * redirect performed by the superclass.
 */
public class FacesAjaxAwareUserFilter extends UserFilter {

    /** Partial-response document; {@code %s} is replaced with the redirect target. */
    private static final String FACES_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";

    /**
     * Sends the caller to the login URL in the form the client expects.
     *
     * @param req current request; cast to {@code HttpServletRequest} to read its headers
     * @param res current response
     * @throws IOException if the response cannot be written or the superclass redirect fails
     */
    @Override
    protected void redirectToLogin(ServletRequest req, ServletResponse res) throws IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        String facesRequestType = httpRequest.getHeader("Faces-Request");

        // Anything that is not a JSF ajax call gets the superclass redirect.
        if (!"partial/ajax".equals(facesRequestType)) {
            super.redirectToLogin(req, res);
            return;
        }

        // JSF ajax clients need the redirect expressed as a partial-response document.
        res.setContentType("text/xml");
        res.setCharacterEncoding("UTF-8");
        res.getWriter().printf(FACES_REDIRECT_XML, httpRequest.getContextPath() + getLoginUrl());
    }

}


I also tried removing the UserFilter. Once logged in, clicking on any of the menu items still takes me back to the login page.

<!-- Variant without the custom "user" filter: protected pages use Shiro's built-in authc filter. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager"/>
            <property name="loginUrl" value="/pages/pub/lgn/login.xhtml"/>
            <!-- NOTE(review): successUrl starts with /page/ while every other path in this bean
                 starts with /pages/; confirm whether this is a typo. -->
            <property name="successUrl" value="/page/sec/cmn/home.xhtml" />
            <property name="unauthorizedUrl" value="/pages/sec/err/accessdenied.xhtml"/>
           
            <!-- Chain definitions are evaluated top to bottom and the first match wins.
                 NOTE(review): the login page is mapped to "noSessionCreation, anon", so requests
                 to it are not handled by authc and Shiro may not create a session while serving
                 them; confirm how the login form submission reaches Shiro and where the session
                 is created.
                 NOTE(review): /rest/** is anon, so REST endpoints need their own access control. -->
            <property name="filterChainDefinitions">
                <value>
                /javax.faces.resource/** = noSessionCreation, anon
                /pages/pub/lgn/login.xhtml = noSessionCreation, anon
                                /pages/pub/** = anon
                                /logout = logout
                                /pages/sec/** = authc
                                /rest/** = noSessionCreation, anon
                </value>
            </property>
        </bean>

Log:

[DEBUG] 2019-02-26 09:29:50,726 org.apache.shiro.session.mgt.DefaultSessionManager  - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
[DEBUG] 2019-02-26 09:29:50,728 org.apache.shiro.web.servlet.SimpleCookie  - Added HttpServletResponse Cookie [JSESSIONID=c1182d29-3e51-485c-9385-ee8039dc20de; Path=/; HttpOnly]
[DEBUG] 2019-02-26 09:29:50,746 org.apache.shiro.web.servlet.SimpleCookie  - Found 'JSESSIONID' cookie value [c1182d29-3e51-485c-9385-ee8039dc20de]

--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Shiro redirecting to login page after successful login when added Hazlecast

Brian Demers
What is the order of your filters? Is Shiro first?


On Tue, Feb 26, 2019 at 8:16 AM trinadhm <[hidden email]> wrote:
Brain,

I cannot put it together as this involves lot of components integrated.
I think I found an issue, but not sure how to fix. As I said earlier I am
using JSF 2 + Spring + Primefaces

When I login first time, the request pass through FacesAjaxAwareUserFilter
and redirecting back to Login page. When I try to login second time, it
taking me to home page since the request did not pass through
FacesAjaxAwareUserFilter. Once logged in, if I try to do click any
action,the request pass through FacesAjaxAwareUserFilter and takes me back
to Login Page.

I know how to configure in shiro.ini
user=web.filter.FacesAjaxAwareUserFilter
user.loginUrl=/pages/pub/lgn/login.xhtml

but in Spring not sure how to configure in above way


Spring Shiro configuration

<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager"/>
            <property name="loginUrl" value="/pages/pub/lgn/login.xhtml"/>
            <property name="successUrl" value="/page/sec/cmn/home.xhtml" />
            <property name="unauthorizedUrl"
value="/pages/sec/err/accessdenied.xhtml"/>
            <property name="filters">
                <util:map>
                    <entry key="user" value-ref="userFilter"/>
                </util:map>
            </property>
            <property name="filterChainDefinitions">
                <value>
                        /javax.faces.resource/** = noSessionCreation, anon
                        /pages/pub/lgn/login.xhtml = noSessionCreation, anon
                                /pages/pub/** = anon
                                /logout = logout
                                /pages/sec/** = user
                                /rest/** =      noSessionCreation, anon
                </value>
            </property>
        </bean>
        <bean id="userFilter" class="web.filter.FacesAjaxAwareUserFilter"/>

/**
 * {@code UserFilter} variant for JSF pages: a JSF ajax request that must be sent to the login
 * page receives a partial-response XML redirect, while every other request falls back to the
 * redirect performed by the superclass.
 */
public class FacesAjaxAwareUserFilter extends UserFilter {

    /** Partial-response document; {@code %s} is replaced with the redirect target. */
    private static final String FACES_REDIRECT_XML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<partial-response><redirect url=\"%s\"></redirect></partial-response>";

    /**
     * Sends the caller to the login URL in the form the client expects.
     *
     * @param req current request; cast to {@code HttpServletRequest} to read its headers
     * @param res current response
     * @throws IOException if the response cannot be written or the superclass redirect fails
     */
    @Override
    protected void redirectToLogin(ServletRequest req, ServletResponse res) throws IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        String facesRequestType = httpRequest.getHeader("Faces-Request");

        // Anything that is not a JSF ajax call gets the superclass redirect.
        if (!"partial/ajax".equals(facesRequestType)) {
            super.redirectToLogin(req, res);
            return;
        }

        // JSF ajax clients need the redirect expressed as a partial-response document.
        res.setContentType("text/xml");
        res.setCharacterEncoding("UTF-8");
        res.getWriter().printf(FACES_REDIRECT_XML, httpRequest.getContextPath() + getLoginUrl());
    }

}



--
Sent from: http://shiro-user.582556.n2.nabble.com/