rememberMe not working after creating own realm

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

rememberMe not working after creating own realm

Simeó Reig

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: rememberMe not working after creating own realm

Brian Demers
You don't need to do anything in your realm.  Has something else changed other then your realm?

What does your "System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());" line print?

On Wed, Feb 22, 2017 at 2:16 PM, Simeó Reig <[hidden email]> wrote:

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: rememberMe not working after creating own realm

Simeó Reig

If I choose "remember me" in login form it's true, and viceversa, as it should be.

As I've just said before implementing custom realm I could see "shiroTest" cookie when I activated remember me

Nothing has changed, besides shiro.ini


Thanks

---------------------------

original shiro.ini It works

---------------------------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

[users]
admin = secret,admin
simeo = secret2,user
 
[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]

---------------------------------
New shiro.ini (does not work rememberMe functionallity)
---------------------------------


[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi



[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]










A 22-02-2017 20:46, Brian Demers escrigué:

You don't need to do anything in your realm.  Has something else changed other then your realm?
 
What does your "System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());" line print?

On Wed, Feb 22, 2017 at 2:16 PM, Simeó Reig <[hidden email]> wrote:

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: rememberMe not working after creating own realm

Brian Demers
Is your 'User' object serializable ? Do you have any exceptions in your log related to that?

On Wed, Feb 22, 2017 at 3:12 PM, Simeó Reig <[hidden email]> wrote:

If I choose "remember me" in login form it's true, and viceversa, as it should be.

As I've just said before implementing custom realm I could see "shiroTest" cookie when I activated remember me

Nothing has changed, besides shiro.ini


Thanks

---------------------------

original shiro.ini It works

---------------------------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

[users]
admin = secret,admin
simeo = secret2,user
 
[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]

---------------------------------
New shiro.ini (does not work rememberMe functionallity)
---------------------------------


[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi



[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]










A 22-02-2017 20:46, Brian Demers escrigué:

You don't need to do anything in your realm.  Has something else changed other then your realm?
 
What does your "System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());" line print?

On Wed, Feb 22, 2017 at 2:16 PM, Simeó Reig <[hidden email]> wrote:

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: rememberMe not working after creating own realm

Simeó Reig

B.I.N.G.O!!!

I didnt have any exception about it, just make it implement serializable and it works!!

you make my day, thanka again Brian

my best regards

Simeo Reig



Is your 'User' object serializable ? Do you have any exceptions in your log related to that?

On Wed, Feb 22, 2017 at 3:12 PM, Simeó Reig <[hidden email]> wrote:

If I choose "remember me" in login form it's true, and viceversa, as it should be.

As I've just said before implementing custom realm I could see "shiroTest" cookie when I activated remember me

Nothing has changed, besides shiro.ini


Thanks

---------------------------

original shiro.ini It works

---------------------------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

[users]
admin = secret,admin
simeo = secret2,user
 
[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]

---------------------------------
New shiro.ini (does not work rememberMe functionallity)
---------------------------------


[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi



[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]










A 22-02-2017 20:46, Brian Demers escrigué:

You don't need to do anything in your realm.  Has something else changed other then your realm?
 
What does your "System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());" line print?

On Wed, Feb 22, 2017 at 2:16 PM, Simeó Reig <[hidden email]> wrote:

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: rememberMe not working after creating own realm

Brian Demers
Great! Glad it is working now!

On Wed, Feb 22, 2017 at 3:58 PM, Simeó Reig <[hidden email]> wrote:

B.I.N.G.O!!!

I didnt have any exception about it, just make it implement serializable and it works!!

you make my day, thanka again Brian

my best regards

Simeo Reig



Is your 'User' object serializable ? Do you have any exceptions in your log related to that?

On Wed, Feb 22, 2017 at 3:12 PM, Simeó Reig <[hidden email]> wrote:

If I choose "remember me" in login form it's true, and viceversa, as it should be.

As I've just said before implementing custom realm I could see "shiroTest" cookie when I activated remember me

Nothing has changed, besides shiro.ini


Thanks

---------------------------

original shiro.ini It works

---------------------------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

[users]
admin = secret,admin
simeo = secret2,user
 
[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]

---------------------------------
New shiro.ini (does not work rememberMe functionallity)
---------------------------------


[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi



[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]










A 22-02-2017 20:46, Brian Demers escrigué:

You don't need to do anything in your realm.  Has something else changed other then your realm?
 
What does your "System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());" line print?

On Wed, Feb 22, 2017 at 2:16 PM, Simeó Reig <[hidden email]> wrote:

Hello All

  We had a shiro web JSF app working smoothless, but we need to have an own Realm, therefore we extended AuthorizingRealm. The system works but now rememberMe function does not work, shiro does not create the cookie.

Must we implement rememberMe function too if we implemented our Realm?? how?


Many thanks in advance


----------------

Our custom realm

-----------------


public class myRealm extends AuthorizingRealm {


    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Set<String> roles = new HashSet<>();
        Collection<User> principalsList = principals.byType(User.class);

        if (principalsList.isEmpty())  throw new AuthorizationException("Empty principals list!");

        for (User userPrincipal : principalsList) {
            try {
                User user = new User(userPrincipal.getId(),userPrincipal.getName(),userPrincipal.getPassword());
                List<Role> userRoles = user.getRoles();
                for (Role r : userRoles) {roles.add(r.getName());
                }
            } catch (Exception rEx) {
                throw new AuthorizationException(rEx);
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        info.setRoles(roles); //fill in roles
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
       
        System.out.println("isRememberMe Activated ===> " + upToken.isRememberMe());
        
        User user = new User(1,upToken.getUsername(),"password");

        if (user == null) {throw new AuthenticationException("Login name [" + upToken.getUsername() + "] not found!");}

        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(user.getSalt()), getName());
    }

}


---------

shiro.ini

---------

[main]
authc.loginUrl = /faces/login.xhtml
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.adronica.shirofaces.myRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]



------

pom.xml

---------

    <dependencies>
        
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-web</artifactId>
            <version>1.4.0-RC2</version>
        </dependency>
        
        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-faces</artifactId>
            <version>2.0</version>
        </dependency>        
        
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>2.6</version>
        </dependency>
        
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
        
        <dependency>  
            <groupId>org.primefaces</groupId>  
            <artifactId>primefaces</artifactId>  
            <version>6.0</version>  
        </dependency>  
        
    </dependencies>




Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Shiro can't see Omnifaces ExtensionlessURLs rewrited urls

Simeó Reig

We have the JSF shiro project working smoothless, now we would like to add Omnifaces ExtensionlessURLs but now shiro complains because it's not able to search login (without .xhtml extension) page when authentification mechanism is triggered.

prettyfaces solution (http://www.ocpsoft.org/support/topic/rewrite-apache-shiro/)

How we can achive it?

Thanks in advance


-------------

pom.xml

-------------

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>        

    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>omnifaces</artifactId>
        <version>2.6</version> 
    </dependency>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <dependency>  
        <groupId>org.primefaces</groupId>  
        <artifactId>primefaces</artifactId>  
        <version>6.0</version>  
    </dependency>  


-------------

shiro.ini

-------------


[main] 
authc.loginUrl = /faces/login.xhtml (we tried to without extension unsuccessfuly)
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm


[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]


-------------

web.xml

-------------


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<context-param>  
    <param-name>shiroConfigLocations</param-name>  
    <param-value>/WEB-INF/shiro.ini</param-value>  
</context-param>  

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Viewpoint Secure URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>    




<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>


<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml/*</param-value>
</context-param>   


<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<welcome-file-list>
    <welcome-file>faces/welcome.xhtml</welcome-file>
</welcome-file-list>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro can't see Omnifaces ExtensionlessURLs rewrited urls

Brian Demers
What URL maps to your login page?

On Thu, Feb 23, 2017 at 7:25 AM, Simeó Reig <[hidden email]> wrote:

We have the JSF shiro project working smoothless, now we would like to add Omnifaces ExtensionlessURLs but now shiro complains because it's not able to search login (without .xhtml extension) page when authentification mechanism is triggered.

prettyfaces solution (http://www.ocpsoft.org/support/topic/rewrite-apache-shiro/)

How we can achive it?

Thanks in advance


-------------

pom.xml

-------------

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>        

    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>omnifaces</artifactId>
        <version>2.6</version> 
    </dependency>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <dependency>  
        <groupId>org.primefaces</groupId>  
        <artifactId>primefaces</artifactId>  
        <version>6.0</version>  
    </dependency>  


-------------

shiro.ini

-------------


[main] 
authc.loginUrl = /faces/login.xhtml (we tried to without extension unsuccessfuly)
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm


[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]


-------------

web.xml

-------------


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<context-param>  
    <param-name>shiroConfigLocations</param-name>  
    <param-value>/WEB-INF/shiro.ini</param-value>  
</context-param>  

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Viewpoint Secure URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>    




<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>


<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml/*</param-value>
</context-param>   


<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<welcome-file-list>
    <welcome-file>faces/welcome.xhtml</welcome-file>
</welcome-file-list>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro can't see Omnifaces ExtensionlessURLs rewrited urls

lprimak
In reply to this post by Simeó Reig
I have been able to achieve extensionless URLs with no issues. Can you post your config files with the extensionless setup enabled and what errors you are getting 

On Feb 23, 2017, at 6:25 AM, Simeó Reig <[hidden email]> wrote:

We have the JSF shiro project working smoothless, now we would like to add Omnifaces ExtensionlessURLs but now shiro complains because it's not able to search login (without .xhtml extension) page when authentification mechanism is triggered.

prettyfaces solution (http://www.ocpsoft.org/support/topic/rewrite-apache-shiro/)

How we can achive it?

Thanks in advance


-------------

pom.xml

-------------

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>        

    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>omnifaces</artifactId>
        <version>2.6</version> 
    </dependency>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <dependency>  
        <groupId>org.primefaces</groupId>  
        <artifactId>primefaces</artifactId>  
        <version>6.0</version>  
    </dependency>  


-------------

shiro.ini

-------------


[main] 
authc.loginUrl = /faces/login.xhtml (we tried to without extension unsuccessfuly)
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm


[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]


-------------

web.xml

-------------


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<context-param>  
    <param-name>shiroConfigLocations</param-name>  
    <param-value>/WEB-INF/shiro.ini</param-value>  
</context-param>  

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Viewpoint Secure URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>    




<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>


<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml/*</param-value>
</context-param>   


<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<welcome-file-list>
    <welcome-file>faces/welcome.xhtml</welcome-file>
</welcome-file-list>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro can't see Omnifaces ExtensionlessURLs rewrited urls

Simeó Reig
In reply to this post by Brian Demers

Sorry, it was my fault ... I forgot that I haven't changed URL form login

Sorry again :-(

--

My best regards

Simeo Reig

 

What URL maps to your login page?

On Thu, Feb 23, 2017 at 7:25 AM, Simeó Reig <[hidden email]> wrote:

We have the JSF shiro project working smoothless, now we would like to add Omnifaces ExtensionlessURLs but now shiro complains because it's not able to search login (without .xhtml extension) page when authentification mechanism is triggered.

prettyfaces solution (http://www.ocpsoft.org/support/topic/rewrite-apache-shiro/)

How we can achive it?

Thanks in advance


-------------

pom.xml

-------------

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>        

    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>omnifaces</artifactId>
        <version>2.6</version> 
    </dependency>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <dependency>  
        <groupId>org.primefaces</groupId>  
        <artifactId>primefaces</artifactId>  
        <version>6.0</version>  
    </dependency>  


-------------

shiro.ini

-------------


[main] 
authc.loginUrl = /faces/login.xhtml (we tried to without extension unsuccessfuly)
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm


[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]


-------------

web.xml

-------------


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<context-param>  
    <param-name>shiroConfigLocations</param-name>  
    <param-value>/WEB-INF/shiro.ini</param-value>  
</context-param>  

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Viewpoint Secure URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>    




<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>


<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml/*</param-value>
</context-param>   


<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<welcome-file-list>
    <welcome-file>faces/welcome.xhtml</welcome-file>
</welcome-file-list>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Shiro can't see Omnifaces ExtensionlessURLs rewrited urls

Simeó Reig
In reply to this post by lprimak

Sorry, it was my fault ... I forgot that I haven't changed URL form login

Sorry again :-(

--

My best regards

Simeo Reig

 
 
I have been able to achieve extensionless URLs with no issues. Can you post your config files with the extensionless setup enabled and what errors you are getting 

 
On Feb 23, 2017, at 6:25 AM, Simeó Reig <[hidden email]> wrote:

We have the JSF shiro project working smoothless, now we would like to add Omnifaces ExtensionlessURLs but now shiro complains because it's not able to search login (without .xhtml extension) page when authentification mechanism is triggered.

prettyfaces solution (http://www.ocpsoft.org/support/topic/rewrite-apache-shiro/)

How we can achive it?

Thanks in advance


-------------

pom.xml

-------------

    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-web-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.4.0-RC2</version>
    </dependency>

    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-faces</artifactId>
        <version>2.0</version>
    </dependency>        

    <dependency>
        <groupId>org.omnifaces</groupId>
        <artifactId>omnifaces</artifactId>
        <version>2.6</version> 
    </dependency>

    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.2</version>
    </dependency>

    <dependency>  
        <groupId>org.primefaces</groupId>  
        <artifactId>primefaces</artifactId>  
        <version>6.0</version>  
    </dependency>  


-------------

shiro.ini

-------------


[main] 
authc.loginUrl = /faces/login.xhtml (we tried to without extension unsuccessfuly)
user.loginUrl = /faces/login.xhtml

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm


[urls]
/faces/admin/index.xhtml=user
/faces/admin/protected.xhtml = user,roles[admin]


-------------

web.xml

-------------


<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<context-param>
    <param-name>javax.faces.PROJECT_STAGE</param-name>
    <param-value>Development</param-value>
</context-param>

<context-param>  
    <param-name>shiroConfigLocations</param-name>  
    <param-value>/WEB-INF/shiro.ini</param-value>  
</context-param>  

<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Viewpoint Secure URLs</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>    




<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>


<context-param>
    <param-name>org.omnifaces.FACES_VIEWS_SCAN_PATHS</param-name>
    <param-value>/*.xhtml/*</param-value>
</context-param>   


<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

<welcome-file-list>
    <welcome-file>faces/welcome.xhtml</welcome-file>
</welcome-file-list>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Each redeploy deletes rememberMe cookies

Simeó Reig

How can we avoid to shiro removes all rememberMe cookies on each redeploy?

We have implemented a custom realm, we thougth it was because we haven't setted serialVersionUID in oir User pojo, but neither work with it

Thanks again

Simeo Reig


Shiro.ini

[main]
authc.loginUrl = /login
user.loginUrl = /login

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/      = anon
/welcome = anon
/login = user
/admin/** = user





Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Each redeploy deletes rememberMe cookies

lprimak
Shiro does not remove cookies on redeploy.
Not sure what your issue is, but it’s not Shiro removing anything

On Feb 23, 2017, at 11:41 AM, Simeó Reig <[hidden email]> wrote:

How can we avoid to shiro removes all rememberMe cookies on each redeploy?

We have implemented a custom realm, we thougth it was because we haven't setted serialVersionUID in oir User pojo, but neither work with it

Thanks again

Simeo Reig


Shiro.ini

[main]
authc.loginUrl = /login
user.loginUrl = /login

adronicaRealm = com.mycompany.shirofaces.AdronicaRealm

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
securityManager.rememberMeManager.cookie.name = shiroTest
securityManager.realms = $adronicaRealm

[roles]
admin = *
user = usuaris:* , ventes:edicio, ventes:delete
user_grant = ventes:canvi

[urls]
/      = anon
/welcome = anon
/login = user
/admin/** = user






Loading...