1

I would like to add security to Struts 2 application. I chose Apache Shiro. Can you give me some useful tips? I've started the integration according to web integration on shiro's site but at the moment it doesn't work.

I added to my web.xml

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

and

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

I've created shiro interceptor.

public class ShiroInterceptor extends AbstractInterceptor {
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        Subject shiroUser = SecurityUtils.getSubject();
        actionInvocation.getStack().setValue("shiroUser", shiroUser);
        return actionInvocation.invoke();
    }
}

I've added shiro.ini

[main]

#authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /login.jsp
authc.usernameParam = login
authc.passwordParam = password
authc.successUrl  = /some.jsp
roles.unauthorizedUrl = /error.jsp

myRealm = travel_click.logic.manager.security.MyRealm
securityManager.realms = $myRealm

[urls]
/**=authc

I wrote MyRealm class.

What else should i do?

4

0 回答 0