I would like to add security to Struts 2 application. I chose Apache Shiro. Can you give me some useful tips? I've started the integration according to web integration on shiro's site but at the moment it doesn't work.
I added to my web.xml
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
and
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
I've created shiro interceptor.
public class ShiroInterceptor extends AbstractInterceptor {
public String intercept(ActionInvocation actionInvocation) throws Exception {
Subject shiroUser = SecurityUtils.getSubject();
actionInvocation.getStack().setValue("shiroUser", shiroUser);
return actionInvocation.invoke();
}
}
I've added shiro.ini
[main]
#authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /login.jsp
authc.usernameParam = login
authc.passwordParam = password
authc.successUrl = /some.jsp
roles.unauthorizedUrl = /error.jsp
myRealm = travel_click.logic.manager.security.MyRealm
securityManager.realms = $myRealm
[urls]
/**=authc
I wrote MyRealm class.
What else should i do?