I have problems with implement SprigBoot WebApp using Apache Shiro(I had same problems with Spring Security but I read that Shiro is easier to implement - Unfortunately for me Not).
So, at the beginning, I use springboot and shiro, my web pages are with *.html using thymeleaf and bootstrap, I use database MySQL using Hibernate and I don't want static users just from db, I'm trying to implements Shiro basing on a few tutorials but I can't do it.
What is my problem exactly? - I can't login. After clicking Login nothing happens, just "refres" page.
Bottom is full of my code:
pom.xml Dependencies
<dependencies>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
<version>3.3.7</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>jquery</artifactId>
<version>2.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>webjars-locator</artifactId>
<version>0.32</version>
</dependency>
</dependencies>
MainStConfig.java Configuration
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = {"app.controllers", "app.service"})
public class MainStConfig extends WebMvcConfigurerAdapter {
private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
"classpath:/META-INF/resources/",
"classpath:/resources/",
"classpath:/static/",
"classpath:/public/",
"classpath:/webjars/"
};
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS);
}
@Bean
public DispatcherServlet dispatcherServlet() {
DispatcherServlet servlet = new DispatcherServlet();
servlet.setDispatchOptionsRequest(true);
return servlet;
}
@Bean
public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
registration.addUrlMappings("/*");
return registration;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setLoginUrl("/login.html");
shiroFilter.setSuccessUrl("/index.html");
shiroFilter.setUnauthorizedUrl("/index.html?error");
Map<String, String> filterChain = new HashMap<>();
filterChain.put("/", "anon");
filterChain.put("/login", "authc,roles[guest]");
filterChain.put("/admin/**", "authc,roles[ADMIN]");
filterChain.put("/student/**", "authc,roles[STUDENT]");
filterChain.put("/teacher/**", "roles,roles[TEACHER]");
shiroFilter.setFilterChainDefinitionMap(filterChain);
shiroFilter.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<>();
filters.put("anon", new AnonymousFilter());
filters.put("authc", new FormAuthenticationFilter());
filters.put("logout", new LogoutFilter());
filters.put("roles", new RolesAuthorizationFilter());
filters.put("user", new UserFilter());
shiroFilter.setFilters(filters);
return shiroFilter;
}
@Bean
public org.apache.shiro.mgt.SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(userRealm());
return securityManager;
}
@Bean(name = "userRealm")
@DependsOn("lifecycleBeanPostProcessor")
public UserRealm userRealm() {
return new UserRealm();
}
@Bean
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
}
MainStApplication.java StartUp app
@SpringBootApplication
public class MainStApplication {
public static void main(String[] args) {
SpringApplication.run(MainStApplication.class, args);
}
}
MainStInitializer.java
public class MainStInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { MainStConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
UserRealm.java
public class UserRealm extends AuthorizingRealm {
@Autowired
private UserManager userManager;
public UserRealm() {
setName("userRealm");
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upat = (UsernamePasswordToken) token;
User user = userManager.getByUsername(upat.getUsername());
if (user != null && user.getPassword().equals(new String(upat.getPassword()))) {
return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
} else {
throw new AuthenticationException("Invalid username/password combination!");
}
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
User user = (User)principals.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
info.addRole(user.getType().toString());
info.addStringPermission(user.getType().toString());
return info;
}
}
LoginController
@Controller
public class LoginController {
@ModelAttribute("userR")
public User getUser() {
return new User();
}
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
return "login";
}
@RequestMapping(value = "/admin/index", method = RequestMethod.GET)
public String admin() {
return "admin/index";
}
@RequestMapping(value = "/student/index", method = RequestMethod.GET)
public String student() {
return "student/index";
}
@RequestMapping(value = "/teacher/index", method = RequestMethod.GET)
public String teacher() {
return "teacher/index";
}
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(String username, String password) {
Subject currentUser = SecurityUtils.getSubject();
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
try {
currentUser.login(new UsernamePasswordToken(username, password));
} catch (Exception e) {
return "login";
}
return "redirect:index";
} else {
return "login";
}
}
/*@RequestMapping(value = "/login", method=RequestMethod.POST)
public String login(Model model, @ModelAttribute("userR") User user, RedirectAttributes redirectAttrs) {
model.addAttribute("login", user.getLogin());
if(user.getLogin().equals("a")) {
return "redirect:/admin/index";
}
if(user.getLogin().equals("s")) {
return "redirect:/student/index";
}
if(user.getLogin().equals("t")) {
return "redirect:/teacher/index";
}
return "index";
}*/
}
IndexController.java
@Controller
@RequestMapping("/")
public class IndexController {
@RequestMapping({"/", "/index"})
String index() {
return "index";
}
@RequestMapping("/login")
String login() {
return "login";
}
}
UserManager this class using dao and User class from other project added to build path. For clarity - UserHash in future will be to hashing passwords, actually passwords in db are not hashed(hash_hash column in UserHash table), bottom example
@Controller
public class UserManager {
private UserDao dao = new UserDao();
public UserManager() {
}
public model.user.User getByUsername(String name) {
model.entity.User u = this.dao.findByLogin(name);
model.entity.UserHash h = this.dao.findPassByLogin(name);
return new model.user.User(u).build(h);
}
}
And screen of my db: Screen of 2 tables in DB: User and UserHash
Could someone help me to configure Shiro that I can correctly login using data from DB?
UPDATE 1. And here is my login.html page
<body>
<div id="bodyContainer">
<div id="header"></div>
<div id="body">
<div class="loginPanel panel-default center-block">
<div class="panel-body">
<div>
<p th:if="${loginError}" class="error">Wrong user or password</p>
<form th:action="@{login}" th:object="${userR}" method="post">
<center><h1>Panel logowania</h1></center>
<div class="loginPanelInputFields">
<span class="input-group-addon" id="sizing-addon1">Login</span>
<input type="text" th:field="*{login}" id="username"
name="username" class="form-control" placeholder="login..."
aria-describedby="sizing-addon1" />
</div>
<br />
<div class="loginPanelInputFields">
<span class="input-group-addon" id="sizing-addon1">Haslo</span>
<input type="password" th:field="*{password}" id="password"
name="password" class="form-control" placeholder="haslo..."
aria-describedby="sizing-addon1" />
</div>
<br />
<br />
<input type="submit" class="btn btn-info text-center center-block" value="Zaloguj" />
</form>
</div>
</div>
</div>
</div>
<div id="footer"></div>
</div>
</body>
From my observations problem is in class MainStConfig exactly in this fragment of code for shiro chain:
Map<String, String> filterChain = new HashMap<>();
filterChain.put("/", "anon");
filterChain.put("/login", "authc,roles[guest]");
filterChain.put("/admin/**", "authc,roles[ADMIN]");
filterChain.put("/student/**", "authc,roles[STUDENT]");
filterChain.put("/teacher/**", "roles,roles[TEACHER]");
What do I wrong? Always - no matter that I use correct or wrong data from db - Im redirecting again to login.html. And in this situation using is method login() method = RequestMethod.GET NOT Post....
I have no errors. I just can't login, after write username, password and click Login my page refresh itself, in LoginController you can see unchecked method Login where I check something, for example if Username = "a" then redirect me to /admin/index.html - and this works perfect.
I checked something, when i'm going to /login.html and after trying to log executed is method
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {"
not
"@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(Model model, @ModelAttribute("userR") User user, RedirectAttributes redirectAttrs) {
I can't understand why?