I just forked the project and tried to set up the DB - the pop_db.sql script was failing for me because of the alter statements at the top (there was nothing to alter since it was my first time creating the DB).
Then I looked further down the script and noticed that you were populating the user table with raw (plaintext) password values for the password column. This is probably why your logins always fail: Because you've configured a PasswordService and PasswordMatcher, Shiro expects the passwords returned from the database to be in a recognized hash format. Because the column values are plaintext, the credentials comparison under the current configuration will always fail. You can use the Shiro command-line Hasher [1] to hash your test passwords. Take the output from that command and use that as your password column value. I know this is just a test/sample web app, but in the interest of clarity for others that might read this in the future, I should stress, very strongly, to never ever ever store plaintext passwords in your data store. Ever. :) [1] http://shiro.apache.org/command-line-hasher.html HTH, -- Les Hazlewood CTO, Stormpath | http://stormpath.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog On Fri, May 18, 2012 at 10:02 AM, Jared Bunting <[email protected]> wrote: > Since those are trace messages from beanutils, and you explicitly set > org.apache to warn in log4j.properties, I'm still thinking that your logging > configuration isn't getting picked up. You might try Googling for logging > in glassfish. > > On May 18, 2012 10:20 AM, "Paulo Pires" <[email protected]> wrote: >> >> Hi all, >> >> First of all, thanks to the project contributors for putting such an >> effort in this project. >> >> Now, I'm struggling to get a simple Web application (just JSP 'stolen' >> from Shiro samples code) to authenticate against a JDBC realm backed by >> MySQL. Everytime I try to log-in the page just reloads again and doesn't >> throw any kind of error. >> >> I've made the project source-code public, so that anyone can look at it, >> and eventually it may become the basis for a tutorial on this. You can >> check it at https://github.com/pires/simple-shiro-web-app >> >> I've tried to debug it, but somehow, my log4j configuration is not >> working properly. I can see a 'shiro.log' file being generated and with >> some output from commons.beanutils, but nothing about Shiro. I only get >> error messages in Glassfish 'server.log' when some property in >> 'shiro.ini' is wrongly configured. >> >> Any help will be highly appreciated. >> >> Thanks! >> >> -- >> Paulo Pires >> >
