Apache Shiro Basic 2

This is Stuff” blog explains the Shiro in very detail way.

I can use default filter (authc – in this case), but I can create a custom filter by extending the existing default filters. So no need to update web.xml rather shiro.ini file need to be updated.

 public class VerboseFormAuthFilter extends FormAuthenticationFilter
    protected void setFailureAttribute( ServletRequest request, AuthenticationException ae)
      String message = ae.getMessage();
      request.setAttribute(getFailureKeyAttribute(), message);


# Replace Form Authentication filter with Verbose filter. By default, it was "FormAuthenticationFilter".
authc = VerboseFormAuthFilter
# Request parameter with login error info. By default, 'shiroLoginFailure'. This will be used in JSP to retrieve error.

The purpose of having my own Form filter is to display an error message from the filter. As I defined failureKeyAttribute name “myShiroLoginFailutre” in the shiro.ini, same attribute name will be used in the JSP.

String error = (String)request.getAttribute(“myShiroLoginFailure”);
if (error != null)
Login attempt was unsuccessful :<%=error%>


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s