Apache Shiro: IllegalArgumentException upon login

Question

When using Apache Shiro, the following exception appears upon login:

java.lang.IllegalArgumentException: Configuration error. Configuration error. Specified object [authc] with property [loginUrl] without first defining that object's class. Please first specify the class property first, e.g. myObject = fully_qualified_class_name and then define additional properties.

shiro.ini

  # ----------------------------------------------------------------------------- 
  [main]
  authc.loginUrl=/login.xhtml
  authc.successUrl=/hello.xhtml
  logout.redirectUrl=/hello.xhtml

  # Users and their (optional) assigned roles
  # username = password, role1, role2, ..., roleN
  # -----------------------------------------------------------------------------
  [users]
  root = secret, admin
  guest = guest, guest

  # -----------------------------------------------------------------------------
  # Roles with assigned permissions
  # roleName = perm1, perm2, ..., permN
   -----------------------------------------------------------------------------
 [roles]
 admin = *
 schwartz = lightsaber:*
 goodguy = winnebago:drive:eagle5

  #------------------------------------------------------------------------------
 [urls]
 /hello.xhtml= authc 

Controller

public void login() {
    Factory<SecurityManager> factory = new IniSecurityManagerFactory();
    SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
    Subject currentUser=SecurityUtils.getSubject();

    if(!currentUser.isAuthenticated()){
        UsernamePasswordToken token=new UsernamePasswordToken("root","secret");
        token.setRememberMe(true);
        try{
            currentUser.login(token);
        }catch(UnknownAccountException e){
            System.out.println("username is incorrect");
        }catch (IncorrectCredentialsException e) {
            System.out.println("password is incorrect");
        }catch (LockedAccountException e) {
            System.out.println("account was locked");
        }catch (AuthenticationException e) {
            System.out.println("there are some error");
        }
    }
 }

web.xml

<listener>
    <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

Answer 1

Try using PassThruAuthenticationFilter to perform the login attempt from the controller. Add this line to shiro.ini:

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

Next, as you are starting the Shiro Security Manager from your web.xml file, the following lines of code can be removed from the login() method:

Factory<SecurityManager> factory = new IniSecurityManagerFactory();
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);

Note that FormAuthenticationFilter is another type of authentication filter that also helps handle login requests.