2012-04-05 28 views

这是我的 shiro.ini;Shiro 总是把我重定向到 login.jsp:

shiro.loginUrl = /login.jsp

######### URL 配置 ##################
[url]
/login.jsp = anon
/public/login/** = anon
/public/app/** = authc

Stripes ...

// Stripes action bean bound to /public/app/. The shiro.ini in this post maps
// /public/app/** to the authc filter, so this is the protected resource the
// question is about. The class body was elided by the original author.
@UrlBinding("/public/app/") 
public class CalculatorActionBean implements ActionBean { 
..... 

} 

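/**
 * Stripes action bean bound to {@code /public/login/} that authenticates the
 * submitted username/password against Apache Shiro.
 *
 * <p>The default handler only forwards to the login form; {@link #login()}
 * performs the actual authentication attempt.
 */
@UrlBinding("/public/login/")
public class UserAuthenticateBean implements ActionBean {

    private static final Logger log = LoggerFactory.getLogger(UserAuthenticateBean.class);

    private ActionBeanContext context;
    private String username;
    private String password;
    // Outcome of the last login attempt ("Success" / "Fail"). Never put
    // credentials in here: anything stored on the bean can end up in a view or a log.
    private String message;

    /** @return the Stripes context injected for the current request */
    public ActionBeanContext getContext() {
        return context;
    }

    /** @param context the Stripes context for the current request */
    public void setContext(ActionBeanContext context) {
        this.context = context;
    }

    /** @return the submitted password, or {@code null} once a login attempt has consumed it */
    public String getPassword() {
        return password;
    }

    /** @param password the password bound from the request */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the submitted username */
    public String getUsername() {
        return username;
    }

    /** @param username the username bound from the request */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Shows the login form without running validation.
     *
     * @return a forward to {@code /login.jsp}
     */
    @DefaultHandler
    @DontValidate
    public Resolution defaultHander() {
        return new ForwardResolution("/login.jsp");
    }

    /**
     * Attempts to authenticate the current Shiro subject with the bound
     * username and password.
     *
     * @return a forward to {@code /logged_in.jsp} when the subject is
     *         authenticated, otherwise back to {@code /login.jsp}
     */
    public Resolution login() {
        Subject currentUser = SecurityUtils.getSubject();
        log.debug("CU={}", currentUser);

        if (!currentUser.isAuthenticated()) {
            TenantAuthenticationToken token =
                    new TenantAuthenticationToken(username, password, "jdbcRealm");
            // NOTE(review): remember-me is forced on for every login; consider making it
            // an explicit user choice. A remembered identity alone does not satisfy the
            // authc filter, which requires a real authentication.
            token.setRememberMe(true);
            // NOTE(review): the pre-login session appears to be reused after login;
            // confirm the session id is rotated somewhere to rule out session fixation.
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                // The principal is request-supplied text: make sure the log layout
                // encodes line breaks so it cannot forge log entries.
                log.info("There is no user with username of {}", token.getPrincipal());
            } catch (IncorrectCredentialsException ice) {
                log.info("Password for account {} was incorrect!", token.getPrincipal());
            } catch (LockedAccountException lae) {
                log.info("The account for username {} is locked. "
                        + "Please contact your administrator to unlock it.", token.getPrincipal());
            } catch (AuthenticationException ae) {
                // Unexpected failure: keep the stack trace in the application log
                // rather than printing it to stderr.
                log.warn("Unexpected authentication failure", ae);
            } finally {
                // Drop the credential once it has been used so the bean does not
                // carry it into whichever view is rendered next.
                password = null;
            }
        }

        boolean authenticated = currentUser.isAuthenticated();
        // The distinct failure reasons above stay in the server log only; the
        // user-facing outcome is deliberately generic and never contains the password.
        message = authenticated ? "Success" : "Fail";
        log.info("Login result: {}", message);

        // A failed attempt goes back to the form instead of the post-login page.
        return new ForwardResolution(authenticated ? "/logged_in.jsp" : "/login.jsp");
    }
}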

logged_in.jsp

<a href ="/oc/public/app">app</a> 

现在,如果我从 shiro.ini 中删除 `/public/app/** = authc` 这一行,已登录用户和访客都可以访问 /public/app。

如果保留该行,那么任何人都无法访问该页面,都会被送回 login.jsp。

让我疯狂!

帮助!!

回答


修改你的 URL 配置,让 “authc” 过滤器作用于实际的登录 URL:

[main] 
... 
authc.loginUrl = /login.jsp 

[urls] 
/login.jsp = authc 
/public/login/** = anon 
/public/app/** = authc 

authc 过滤器足够智能:对于 authc.loginUrl 指向的登录页面,即使请求尚未通过身份验证,它也会放行,这样用户才能登录。


谢谢,太棒了。只要把 shiro.loginUrl 改为 authc.loginUrl 就行了。一如既往,你的回答非常准确! – aks 2012-04-10 14:23:44


很高兴帮助! – 2012-04-10 21:36:53