Thanks, I didn't realize I could do this. And it works.
I am still having login issues, but the UsernamePasswordToken is now
populated.

My page is not being redirected, and I'm not sure if any errors are
occurring. I have added a shiro appender to my log4j properties and it seems
to be working because I see shiro logging on startup but nothing when I have
a failed login.

When I output the password from the UsernamePassword token it doesn't look
like the one I entered in the login form, should it?

This is part of my realm file, I think I am still making some basic mistakes:

    public UserRealm() {
        super(new MemoryConstrainedCacheManager());
        personDao = (PersonDao) DaoManager.getDao("Person");
        setAuthenticationTokenClass(UsernamePasswordToken.class);

        // The matcher must hash with the same algorithm and iteration count
        // that produced the stored password.
        HashedCredentialsMatcher hcm = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        hcm.setHashIterations(HASH_ITERATIONS);
        // Install the configured instance; a fresh matcher would use the default of 1 iteration.
        setCredentialsMatcher(hcm);
    }

    @Override
    protected SaltedAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        // Debug output only: these lines write credentials to stdout.
        System.out.println("Authentication - input username: " + upToken.getUsername());
        // getCredentials() returns a char[], so toString() prints the array's
        // identity (for example "[C@1b2c3d"), not the characters typed in the form.
        System.out.println("Authentication - input password: " + upToken.getCredentials().toString());
        System.out.println("Authentication - input host: " + upToken.getHost());
        System.out.println("Authentication - input toString: " + upToken.toString());

        String username = upToken.getUsername();
        // Null username is invalid
        if (username == null) { throw new AccountException("Null usernames are not allowed by this realm."); }

        Person user = findByUsername(username);
        // Guard against an unknown account before dereferencing the lookup result.
        if (user == null) { throw new UnknownAccountException("No account found for user [" + username + "]"); }
        if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
        if (user.isCredentialsExpired()) {
            String msg = "The credentials for account [" + username + "] are expired";
            throw new ExpiredCredentialsException(msg);
        }

        System.out.println("Authentication - about to create simple authentication info username: " + username);
        System.out.println("Authentication - about to create simple authentication info password: " + user.getEncodedPassword());
        System.out.println("Authentication - about to create simple authentication info salt: " + new SimpleByteSource(user.getPasswordSalt()));
        System.out.println("Authentication - about to create simple authentication info realm name: " + getName());

        // Stored hash plus its salt; the credentials matcher compares these with the submitted token.
        return new SimpleAuthenticationInfo(username, user.getEncodedPassword(),
                new SimpleByteSource(user.getPasswordSalt()), getName());
    }

Harald Wellmann wrote
> - Add an explicit ID to your <h:form>.
>
> <h:form id="login">
> ...
> </h:form>
>
> This will guarantee deterministic request parameter names for your form
> fields.
>
>
> - Override the default parameter names:
>
> [main]
> authc.usernameParam = login:username
> authc.passwordParam = login:password
>
>
> - Make sure to apply the authc filter to the login URL
>
> [urls]
> /login.jsf = authc
>
> By doing so, all authentication happens automatically, you don't even
> need an action method for your <h:commandButton>.
>
> Best regards,
> Harald
>
> On 25.11.2012 14:56, Jared Bunting wrote:
>> It's been awhile since I've worked with JSF, but I believe you have
>> two options.
>>
>> 1. Change the parameters authc.usernameParam and authc.passwordParam in
>> your shiro.ini file to match the field names that jsf uses. This might
>> work, I'm not sure of the intricacies in jsf.
>> 2. Don't use a filter for login. This is probably what I would do. If
>> I remember correctly, you can tie your form submission in login.jsf to
>> a method on your backing bean. This backing bean would need to do
>> something like this:
>>
>> try {
>> AuthenticationToken token = new UsernamePasswordToken(username,
>> password, rememberMe, request.getRemoteHost());
>> SecurityUtils.getSubject().login(token);
>> } catch (AuthenticationException ae) {
>> // handle error
>> }
>>
>> It would also need to do any redirect work.
>>
>> Whatever you do get working, please share it. I think we need a "Shiro
>> with JSF" section in the wiki, and perhaps some supporting code in the
>> shiro-faces module.
>>
>> Thanks,
>> Jared
>>
>> On Sun 25 Nov 2012 12:07:21 AM CST, set321go wrote:
>>> Hello,
>>>
>>> I am relatively new to the jsp/jsf side of java. I am trying to build a web
>>> application which runs on jboss 7 using jsf2.0 and shiro1.2. I have found
>>> the extra tag libs I need to give parts of my page different permissions but
>>> I am having some login issues.
>>>
>>> My problem is that jsf uses its own values for id and name attributes on
>>> html elements, when my submit response comes back shiro has null values for
>>> my username and password because the name and password don't match what I have
>>> set in the shiro.ini file. How can I fix this?
>>>
>>> shiro.ini
>>>
>>> ...
>>> securityManager.realms = $userRealm
>>> authc.loginUrl = /faces/login.xhtml
>>>
>>> # name of request parameter with username; if not present filter assumes 'username'
>>> authc.usernameParam = username
>>> # name of request parameter with password; if not present filter assumes 'password'
>>> authc.passwordParam = password
>>> # does the user wish to be remembered?; if not present filter assumes 'rememberMe'
>>> authc.rememberMeParam = remembered
>>> ...
>>>
>>> login.xhtml
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>>     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>>
>>> <html xmlns="http://www.w3.org/1999/xhtml"
>>>       xmlns:h="http://java.sun.com/jsf/html">
>>> <h:head>
>>>     <title>Simple JSF login page</title>
>>> </h:head>
>>>
>>> <h:body>
>>>     <h:panelGroup rendered="#{!loginBean.errors}">
>>>         <h:form>
>>>             <p>#{loginBean.error}</p>
>>>         </h:form>
>>>     </h:panelGroup>
>>>
>>>     <h:panelGroup rendered="#{!loginBean.loggedIn}">
>>>         Login
>>>         <h:form>
>>>             <p>Username: <h:inputText id="username"
>>>                 value="#{loginBean.username}" /></p>
>>>             <p>Password: <h:inputText id="password"
>>>                 value="#{loginBean.password}" /></p>
>>>             <p>RememberMe: <h:selectBooleanCheckbox id="remembered"
>>>                 value="#{loginBean.rememberMe}" /></p>
>>>             <p><h:commandButton value="submit" action="#{loginBean.login}" /></p>
>>>         </h:form>
>>>     </h:panelGroup>
>>> </h:body>
>>> </html>
>>>
>>> output from doGetAuthenticationInfo
>>>
>>> 21:48:13,491 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input username: null
>>> 21:48:13,491 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input password: null
>>> 21:48:13,492 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input host: 127.0.0.1
>>> 21:48:13,492 INFO [stdout] (http--127.0.0.1-8080-1) Authentication - input toString: org.apache.shiro.authc.UsernamePasswordToken - null, rememberMe=false (127.0.0.1)
>>>
>>> --
>>> View this message in context:
>>> http://shiro-user.582556.n2.nabble.com/shiro-jsf2-0-login-page-tp7577981.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>>
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/shiro-jsf2-0-login-page-tp7577981p7577992.html
Sent from the Shiro User mailing list archive at Nabble.com.
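
Added example, not part of the original message or of the Shiro project: the HashedCredentialsMatcher a realm installs has to use the same algorithm, salt and iteration count that produced the stored encoded password, and only the matcher that was given the iteration count accepts the correct password here. The class name, the user "alice", the realm name "userRealm", the sample password and the value 1024 for HASH_ITERATIONS are assumptions; the thread does not show the real iteration count.

```java
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource;

public class MatcherIterationsDemo {
    // Assumed value; the realm's HASH_ITERATIONS constant is not shown in the thread.
    static final int HASH_ITERATIONS = 1024;

    // What account-creation code would store: hex of the salted, iterated SHA-256 hash.
    static String encode(String password, ByteSource salt) {
        return new Sha256Hash(password, salt, HASH_ITERATIONS).toHex();
    }

    // Runs the same comparison a realm performs after doGetAuthenticationInfo returns.
    static boolean matches(HashedCredentialsMatcher matcher, String typed,
                           String stored, ByteSource salt) {
        UsernamePasswordToken token = new UsernamePasswordToken("alice", typed);
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo("alice", stored, salt, "userRealm");
        return matcher.doCredentialsMatch(token, info);
    }

    public static void main(String[] args) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes(); // per-user random salt
        String stored = encode("correct horse", salt);                  // constructed sample password

        HashedCredentialsMatcher configured =
                new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        configured.setHashIterations(HASH_ITERATIONS);

        // A fresh instance keeps the default of a single hash iteration.
        HashedCredentialsMatcher fresh =
                new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);

        System.out.println("configured matcher, correct password: "
                + matches(configured, "correct horse", stored, salt));
        System.out.println("configured matcher, wrong password:   "
                + matches(configured, "wrong", stored, salt));
        System.out.println("fresh matcher, correct password:      "
                + matches(fresh, "correct horse", stored, salt));
    }
}
```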