Apache Shiro is originally called jsecurity. At our work, we use JAAS with Weblogic specific implementation by using LDAP realm. In the xproject, I’d like to implement the Apache Shiro. Shiro documentation was pretty good and several blogger posted pretty detail step by step guide.
In this blog, I’d like to focus on setting up Shiro in JSF project in Eclipse environment with Glassfish. I will focus on the basic authentication & configuration in this page. Later, I will add more roles and SSL connection.
Follow below steps to setup the project:
- Download Shiro Web and Shiro Core (1.2.0) from Apache Shiro site.
- Create a Dynamic Web Project in the Eclipse. Use MyEclipse implmentation.
- Overwrite faces-config.xml to overwrite mojaar implmentation. Please see my previous page.
- Create index.xhtml, result.xhtml, and login.jsp.
- Create welcome.java as a ManagedBean. navigate() method will return “result.xhtml”. I am omitting all the business logic for the simplicity.
- Create shiro.ini file in the WEB-INF folder. Follow the template from Apache Shiro configuration document.
- Update web.xml to add Shiro listener, filter, and filter mapping.
- I think Shiro source code has references to log4j and slf4j. For this reason, I had to include log4j-1.2.16.jar, slf4j-api-1.6.4.jar, and slf4j-log4j12-1.6.4.jar in the classpath. If Eclipse still throws ClassNotFoundException, incluse these jar files in the lib folder under WEB-INF.
[main] authc.loginUrl = /login.jsp authc.successUrl = /faces/index.xhtml [users] user01 = user01, Users user02 = user02, Users [roles] Users = * [urls] login.jsp = authc /** = authc
web.xml add below lines
<listener> <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping>
<form name="loginform" action="" method="post">
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="password"/>
<input type="checkbox" name="rememberMe" value="true"/>Remember Me?<br/>
<input type="submit" name="submit" value="Login">
I added only one role [Users] with two users [user01, user02] in the shiro.ini file for the initial testing purpose, but I can add more roles and define detail navigation rules in the shiro.ini file.
In my next post, I will add more roles and attempt to do with the SSL.