使用Apache Shiro时,登录时会出现以下异常:
java.lang.IollegalArgumentException:配置错误。配置错误。指定了具有属性[loginUrl]的对象[authc],但未首先定义该对象的类。请首先指定类属性,例如myObject=fully_qualified_class_name,然后定义其他属性。
shiro.ini
# -----------------------------------------------------------------------------
[main]
authc.loginUrl=/login.xhtml
authc.successUrl=/hello.xhtml
logout.redirectUrl=/hello.xhtml
# Users and their (optional) assigned roles
# username = password, role1, role2, ..., roleN
# -----------------------------------------------------------------------------
[users]
root = secret, admin
guest = guest, guest
# -----------------------------------------------------------------------------
# Roles with assigned permissions
# roleName = perm1, perm2, ..., permN
-----------------------------------------------------------------------------
[roles]
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5
#------------------------------------------------------------------------------
[urls]
/hello.xhtml= authc
控制器
public void login() {
Factory<SecurityManager> factory = new IniSecurityManagerFactory();
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
Subject currentUser=SecurityUtils.getSubject();
if(!currentUser.isAuthenticated()){
UsernamePasswordToken token=new UsernamePasswordToken("root","secret");
token.setRememberMe(true);
try{
currentUser.login(token);
}catch(UnknownAccountException e){
System.out.println("username is incorrect");
}catch (IncorrectCredentialsException e) {
System.out.println("password is incorrect");
}catch (LockedAccountException e) {
System.out.println("account was locked");
}catch (AuthenticationException e) {
System.out.println("there are some error");
}
}
}
web.xml
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
尝试使用PassThruAuthenticationFilter从控制器执行登录尝试。将此行添加到shiro.ini:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
接下来,当您从web.xml文件启动Shiro Security Manager时,可以从login()方法中删除以下代码行:
Factory<SecurityManager> factory = new IniSecurityManagerFactory();
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
请注意,FormAuthenticationFilter是另一种类型的身份验证过滤器,它也有助于处理登录请求。