When using Apache Shiro, the following exception appears upon login:
java.lang.IllegalArgumentException: Configuration error. Configuration error. Specified object [authc] with property [loginUrl] without first defining that object's class. Please first specify the class property first, e.g. myObject = fully_qualified_class_name and then define additional properties.
# -----------------------------------------------------------------------------
[main]
authc.loginUrl=/login.xhtml
authc.successUrl=/hello.xhtml
logout.redirectUrl=/hello.xhtml
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = secret, admin
guest = guest, guest
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
-----------------------------------------------------------------------------
[roles]
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5
#------------------------------------------------------------------------------
[urls]
/hello.xhtml= authc
public void login() {
Factory<SecurityManager> factory = new IniSecurityManagerFactory();
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser=SecurityUtils.getSubject();
if(!currentUser.isAuthenticated()){
UsernamePasswordToken token=new UsernamePasswordToken("root","secret");
token.setRememberMe(true);
try{
currentUser.login(token);
}catch(UnknownAccountException e){
System.out.println("username is incorrect");
}catch (IncorrectCredentialsException e) {
System.out.println("password is incorrect");
}catch (LockedAccountException e) {
System.out.println("account was locked");
}catch (AuthenticationException e) {
System.out.println("there are some error");
}
}
}
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
Try using PassThruAuthenticationFilter
to perform the login attempt from the controller. Add this line to shiro.ini:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
Next, as you are starting the Shiro Security Manager from your web.xml file, the following lines of code can be removed from the login()
method:
Factory<SecurityManager> factory = new IniSecurityManagerFactory();
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Note that FormAuthenticationFilter
is another type of authentication filter that also helps handle login requests.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With