0

I have:

  1. A Java EE Web Application project in Netbeans 7.2. Shiro-Web is installed and working great with standard settings in the INI file: users are automatically redirected to the standard login.jsp page, where they can log in without problems.

I want:

  1. To create a custom login page login.xhtml, annotated with PrimeFaces tags, where the login process is handled by a backing bean.

I need:

  1. To understand the steps that need to be performed in this login bean. Currently, I have a working Realm implemented, and I am able to authenticate a user:

    UsernamePasswordToken currentUserToken = 
   new UsernamePasswordToken(userEmail, userPassword);

try {
    SecurityUtils.getSubject().login(currentUserToken);
}
catch(UnknownAccountException uae) {

    // TODO: Notify user that no such account exists
}
catch(IncorrectCredentialsException ice) {
    // TODO: Notify user that login attempt failed due to bad credentials
}

// TODO: How to set up user session an everything else, if login succeeded?

    However, what additional steps do I need to take to make sure the users session (and everything else) is also properly set? I want to end up in the same state, as if I used the standard Shiro login feature (Session set up, appropriate settings set etc).

  2. Eventually, to understand how to configure Shiro NOT to filter out the JSF tags in the login page. Currently, the rendering defaults to standard HTML, and all the graphic goodies disappear.

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
csvan
  • 8,782
  • 12
  • 48
  • 91

1 Answers1

1

JSF handles your DefaultWebEnvironment so you need to extend the EnvironmentLoadListener and add your Realm to it.

public class CdiEnvironmentLoaderListener extends EnvironmentLoaderListener {

    //this is your implementation that extends Authorizing Realm
    ShiroRealm shiroRealm = null; 

    @Override
    protected WebEnvironment createEnvironment(ServletContext sc) {
        WebEnvironment environment = super.createEnvironment(sc);
        shiroRealm = new ShiroRealm();

        RealmSecurityManager rsm = (RealmSecurityManager) environment
            .getSecurityManager();

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);

        shiroRealm.setCredentialsMatcher(matcher);

        rsm.setRealm(shiroRealm);

        ((DefaultWebEnvironment) environment).setSecurityManager(rsm);

        return environment;
    }
}

In your web.xml add the custom listner, and the default filter and filter mappings from the web example.

<listener>
    <listener-class>com.company.security.CdiEnvironmentLoaderListener</listener-class>
</listener>

Use the custom JSF 2.0 tag libs. found here http://deluan.github.com/shiro-faces/

sources:

Apache Shiro "with JSF 2.0" ! How does it go?

http://shiro-user.582556.n2.nabble.com/Shiro-in-CDI-JPA2-JSF2-project-td7577437.html

Community
  • 1
  • 1
deefactorial
  • 293
  • 1
  • 12
  • There really is no need to specify the same data 3 times. `@ManagedBean` and `@SessionScoped` is enough here. No need for the name attribute and faces-config.xml entry. – Arjan Tijms Oct 07 '12 at 19:29