I am using Apache Shiro to secure my Spring MVC application. This is my configuration:
<!-- Shiro -->
<bean id="hibernateRealm" class="com.bidapp.presentation.shiro.HibernateRealm" />
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="hibernateRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
</bean>
<!-- Shiro -->
In web.xml (among other things):
<filter>
    <filter-name>shiroFilter</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>targetFilterLifecycle</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>shiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
My login page is at context/account/login. When I try to submit the form, I get a 400 HTTP error code with the message "The request sent by the client was syntactically incorrect ()." and Shiro logs the following:
365348 [http-bio-8080-exec-5] TRACE o.a.s.w.s.OncePerRequestFilter - Filter 'shiroFilter' not yet executed. Executing now.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - Context already contains a SecurityManager instance. Returning.
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No identity (PrincipalCollection) found in the context. Looking for a remembered identity.
365349 [http-bio-8080-exec-5] TRACE o.a.shiro.web.servlet.SimpleCookie - No 'rememberMe' cookie value
365349 [http-bio-8080-exec-5] TRACE o.a.s.mgt.DefaultSecurityManager - No remembered identity found. Returning original context.
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] to thread [http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Bound value of type [org.apache.shiro.web.mgt.DefaultWebSecurityManager] for key [org.apache.shiro.util.ThreadContext_SECURITY_MANAGER_KEY] to thread [http-bio-8080-exec-5]
365349 [http-bio-8080-exec-5] TRACE o.a.s.w.servlet.AbstractShiroFilter - No FilterChain configured for the current request. Using the default.
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - get() - in thread [http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE org.apache.shiro.util.ThreadContext - Retrieved value of type [org.apache.shiro.web.subject.support.WebDelegatingSubject] for key [org.apache.shiro.util.ThreadContext_SUBJECT_KEY] bound to thread [http-bio-8080-exec-5]
365351 [http-bio-8080-exec-5] TRACE o.a.s.s.support.DelegatingSubject - attempting to get session; create = false; session is null = true; session has id = false
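The really strange thing is that if I click back in the browser and then click forward, I am able to move on to the correct, authenticated web page. I tried debugging, but the Controller never gets called. But if I click back and forward and end up on the correct page, how can that be?
There are no other filters in web.xml, and I am not using any of Shiro's default filters either.
What is going on?
Not that it makes a difference, but I am developing in Eclipse Indigo. And this is the code that should be called but is not (in debug mode):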
@RequestMapping(value = "/account/login", method = RequestMethod.POST, params = "login")
public String login(@RequestParam("username") String username,
                    @RequestParam("password") String password,
                    @RequestParam("remember") boolean rememberMe,
                    Model model) {
    Subject currentUser = SecurityUtils.getSubject();
    if (!currentUser.isAuthenticated()) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        token.setRememberMe(rememberMe);
        currentUser.login(token);
        return "redirect:/account/profile";
    }
    return "home";
}