1

您好我想知道的我可以将用户重定向到 shiro 自定义 jdbcrealm 中的 accessdeniedpage.jsp 这是我的代码....

  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws HostUnauthorizedException,AuthenticationException {

    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    String username = upToken.getUsername();
    String clientIP = upToken.getHost();

    // Null username is invalid
    if (username == null) {
        throw new AccountException("Null usernames are not allowed by this realm.");
    }

    Connection conn = null;
    AuthenticationInfo info = null;
    try {
        conn = dataSource.getConnection();

        String password = getPasswordForUser(conn, username); // get userpassword
        boolean ipFlag = getIPFlag(conn,username); // check whether users ip needs to be check i.e. get ipflag from users tbl, if true check user's ip else not
        boolean ipMatched = checkIP(conn,username,clientIP,ipFlag); // returns if user's ip matched with ip stored in database..

        if (password == null) {
            throw new UnknownAccountException("No account found for user [" + username + "]");
        }

        if(ipMatched == false){
             // how to redirect user to accessdeniedpage.jsp ?
        }

        info = buildAuthenticationInfo(username, password.toCharArray());

    } catch (SQLException e) {
        final String message = "There was a SQL error while authenticating user [" + username + "]";
        if (log.isErrorEnabled()) {
            log.error(message, e);
        }

        // Rethrow any SQL errors as an authentication exception
        throw new AuthenticationException(message, e);
    } finally {
        JdbcUtils.closeConnection(conn);
    }

    return info;
}

我正在检查用户 ip,如果在数据库中找不到 ip,我想将用户重定向到 accessdenied 页面

更新shiro.ini 

 [main]
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.requiredType   = javax.sql.DataSource
ds.resourceName = jdbc/myDataSource
ds.resourceRef = true
jdbcRealm = com.java.realm.MyRealm 

# password hashing specification
sha256Matcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
sha256Matcher.hashAlgorithmName = SHA-256
jdbcRealm.credentialsMatcher = $sha256Matcher

jdbcRealm.permissionsLookupEnabled = true 
jdbcRealm.authenticationQuery = SELECT password FROM users WHERE username = ? 
jdbcRealm.userRolesQuery = SELECT role_name FROM user_roles WHERE username = ? 
jdbcRealm.permissionsQuery = SELECT roleper FROM roles_permissions WHERE role_name = ? 
jdbcRealm.permissionsQueryIP = SELECT ip FROM user_ip_permissions WHERE username = ? 
jdbcRealm.permissionsQueryCountry = SELECT countryname FROM country_permissions WHERE username = ? 
jdbcRealm.defaultPageQuery = SELECT default_page FROM users WHERE username = ?


jdbcRealm.dataSource = $ds
jdbcRealm.authorizationCachingEnabled = false

# specify login page 
authc.loginUrl = /login.jsp 

# redirect after successful login
authc.successUrl = /home.jsp

# roles filter: redirect to error page if user does not have access rights
# perms filter: redirect to error page if user does not have permissions
roles.unauthorizedUrl = /accessdenied.jsp
perms.unauthorizedUrl = /accessdenied.jsp


# request parameter with login error information; if not present filter assumes 'shiroLoginFailure'
# authc.failureKeyAttribute = simpleShiroApplicationLoginFailure


[urls] 


/login.jsp = authc

# only users with some roles are allowed to use role-specific pages 
/admin/** = authc,perms[page:*]
/java/** = authc,perms[page:javadeveloperpage]
/php/** = authc,perms[page:phpdeveloperpage]
/ruby/** = authc,perms[page:rubydeveloperpage]
/deo/** = authc,perms[page:deopage]

# enable authc filter for all application pages
/ApacheShiroLogin/** = authc

感谢和问候

4

1 回答 1

0

由于您要拒绝访问,因此从逻辑上讲,您需要将其抛出AuthorizationException并将其映射到您的自定义页面web.xml

if(ipMatched == false){
    throw new AuthorizationException();
}

在你的web.xml

<error-page>
    <exception-type>org.apache.shiro.authz.AuthorizationException</exception-type>
    <location>/path/to/accessdeniedpage.jsp</location>
</error-page>

附带说明一下,只有在身份验证失败的情况下,投掷才是AuthenticationException合乎逻辑的。

于 2013-10-31T12:11:22.663 回答