
Shiro 總是把我重定向到 login.jsp。這裏是 shiro.ini:

shiro.loginUrl = /login.jsp

######### URL CONFIG ##################
[urls]
/login.jsp = anon
/public/login/** = anon
/public/app/** = authc

Stripes ...

// Bound to /public/app/, the path covered by the shiro.ini rule "/public/app/** = authc".
// The class body is elided in the original post.
@UrlBinding("/public/app/") 
public class CalculatorActionBean implements ActionBean { 
..... 

} 

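/**
 * Stripes action bean bound to {@code /public/login/} that logs the submitted
 * username and password in through Apache Shiro.
 *
 * <p>The username and password are bound from the request and are therefore
 * untrusted input. The plaintext password is never logged and is never copied
 * into {@code message}.
 */
@UrlBinding("/public/login/")
public class UserAuthenticateBean implements ActionBean {

    private static final Logger log = LoggerFactory.getLogger(UserAuthenticateBean.class);
    private ActionBeanContext context;
    private String username;
    private String password;
    private String message;

    /** Returns the Stripes context set for the current request. */
    public ActionBeanContext getContext() {
        return context;
    }

    /** Stores the Stripes context for the current request. */
    public void setContext(ActionBeanContext context) {
        this.context = context;
    }

    /**
     * Returns the submitted password, or {@code null} once {@link #login()} has run.
     */
    public String getPassword() {
        return password;
    }

    /** Sets the password bound from the login form. */
    public void setPassword(String password) {
        this.password = password;
    }

    /** Returns the submitted username. */
    public String getUsername() {
        return username;
    }

    /** Sets the username bound from the login form. */
    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * Default event: shows the login form without running validation.
     *
     * <p>The method name (including its spelling) is kept unchanged because
     * Stripes derives the event name from it.
     */
    @DefaultHandler
    @DontValidate
    public Resolution defaultHander() {
        return new ForwardResolution("/login.jsp");
    }

    /**
     * Attempts to authenticate the current Shiro {@code Subject} with the
     * submitted credentials.
     *
     * @return a forward to {@code /logged_in.jsp} when the subject is
     *         authenticated, otherwise a forward back to {@code /login.jsp}
     */
    public Resolution login() {
        Subject currentUser = SecurityUtils.getSubject();
        log.info("CU={}", currentUser);

        if (!currentUser.isAuthenticated()) {
            TenantAuthenticationToken token =
                    new TenantAuthenticationToken(username, password, "jdbcRealm");
            // Remember-me is requested unconditionally. A remembered subject is not
            // an authenticated one, so URLs guarded by "authc" still need a real login.
            token.setRememberMe(true);
            try {
                currentUser.login(token);
            } catch (UnknownAccountException uae) {
                // The specific failure reason is logged server-side only; the
                // response must not tell the client which check failed.
                log.info("There is no user with username of {}", forLog(token.getPrincipal()));
            } catch (IncorrectCredentialsException ice) {
                log.info("Password for account {} was incorrect!", forLog(token.getPrincipal()));
            } catch (LockedAccountException lae) {
                log.info("The account for username {} is locked. "
                        + "Please contact your administrator to unlock it.",
                        forLog(token.getPrincipal()));
            } catch (AuthenticationException ae) {
                // Any other authentication failure: keep the stack trace in the
                // application log instead of printing it to stderr.
                log.error("Unexpected authentication failure", ae);
            }
        }

        // Drop the plaintext password so that the JSP this request is forwarded
        // to cannot read it back from the bean.
        password = null;

        boolean authenticated = currentUser.isAuthenticated();
        message = authenticated ? "Success" : "Fail";
        log.info("Login result: {}", message);

        // A failed attempt goes back to the login form rather than to the
        // page intended for logged-in users.
        return new ForwardResolution(authenticated ? "/logged_in.jsp" : "/login.jsp");
    }

    /**
     * Renders a request-supplied value for logging with CR/LF replaced, so that
     * a crafted username cannot forge additional log lines.
     */
    private static String forLog(Object value) {
        return String.valueOf(value).replaceAll("[\\r\\n]", "_");
    }
}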

logged_in.jsp

<a href ="/oc/public/app">app</a> 

現在,如果我從 shiro.ini 中刪除 `/public/app/** = authc` 這一行,已登錄的用戶和訪客都可以訪問 /public/app。

如果我保留該行,那麼沒有人可以訪問該頁面,請求都會被送回 login.jsp。

讓我瘋狂!

幫助!!

回答


修改你的 URL 配置,讓「authc」過濾器負責實際的登錄 URL:

[main] 
... 
# loginUrl is a property of the authc filter; unauthenticated requests are redirected here.
authc.loginUrl = /login.jsp 

[urls] 
# Rules are evaluated top to bottom and the first matching pattern wins.
# authc lets requests for its own loginUrl through so the login form can be displayed.
/login.jsp = authc 
# The login action itself must stay reachable without an authenticated session.
/public/login/** = anon 
# Everything under /public/app/ requires an authenticated Subject.
/public/app/** = authc 

authc 過濾器足夠聰明:即使請求尚未通過身份驗證,它仍會放行對登錄頁面本身的請求,這樣用戶才能登錄。


謝謝。真棒。只要把 shiro.loginUrl 改爲 authc.loginUrl 就行了。一如既往,你的答案非常準確! – aks 2012-04-10 14:23:44


很高興幫助! – 2012-04-10 21:36:53