Springboot Apache Shiro Login page redirected you too many times


I'm having some trouble in my Spring Boot app, which uses Apache Shiro as its security framework: whenever I request the login page, the browser always gives me a "redirected you too many times" error.

I'm using this XML-based Shiro configuration:

<!-- Ehcache-backed Shiro CacheManager, configured from ehcache-shiro.xml on the classpath.
     Shared by the credentials matcher, security manager, session control filter and
     session cache manager defined in this file. -->
<bean id="cacheManagerShiro" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml" />
</bean>
<!-- Password verification: project-specific matcher that compares hex-encoded SHA-1 hashes
     (2 iterations) and is given the shared cache manager as constructor argument.
     retryMaxCount is presumably the number of failed attempts tolerated before the matcher
     refuses further logins; the class is not shown here, confirm against its source.
     NOTE(review): SHA-1 with 2 iterations is very cheap to brute-force offline if the stored
     hashes ever leak. Moving to a deliberately slow password hash requires re-hashing the
     stored credentials (typically at next successful login), so it is flagged here rather
     than changed in place. Also confirm that the realm supplies a per-user salt. -->
<bean id="credentialsMatcher" class="com.newtouch.lion.web.shiro.credentials.RetryLimitHashedCredentialsMatcher">
    <constructor-arg ref="cacheManagerShiro" />
    <property name="hashAlgorithmName" value="sha1" />
    <property name="hashIterations" value="2" />
    <property name="storedCredentialsHexEncoded" value="true" />
    <property name="retryMaxCount"  value="5"/>
</bean>
<!-- Project-specific realm that authenticates with the credentials matcher above and caches
     both authentication and authorization data under the named caches.
     NOTE(review): with authentication caching on, the cached account data (including the
     stored credential hash) lives in the cache until evicted. Confirm that CustomUserRealm
     clears the cached entry on password change, account lock and logout; otherwise a changed
     or revoked credential can keep working until the cache entry expires. -->
<bean id="userRealm" class="com.newtouch.starter.core.web.shiro.realm.CustomUserRealm">
    <property name="credentialsMatcher" ref="credentialsMatcher" />
    <property name="cachingEnabled" value="true" />
    <property name="authenticationCachingEnabled" value="true" />
    <property name="authenticationCacheName" value="authenticationCache" />
    <property name="authorizationCachingEnabled" value="true" />
    <property name="authorizationCacheName" value="authorizationCache" />
</bean>
<!-- Generates session ids as random java.util.UUID values; used by sessionDAO below. -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
<!-- Session cookie template: named "sid", HttpOnly (not readable from page scripts),
     maxAge -1 so the browser drops it when it closes.
     NOTE(review): "secure" is not set and SimpleCookie leaves it off by default, so the
     session id is also sent over plain HTTP. If the application is served over HTTPS only,
     add a secure=true property here. -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg value="sid" />
    <property name="httpOnly" value="true" />
    <property name="maxAge" value="-1" />
</bean>
<!-- Remember-me cookie template: named "rememberMe", HttpOnly, scoped to the /admin path.
     NOTE(review): "secure" is not set, so the encrypted identity cookie can travel over
     plain HTTP; set secure=true on HTTPS-only deployments.
     NOTE(review): no maxAge is given, and a bare SimpleCookie appears to default to a
     browser-session cookie, which would make remember-me stop working after the browser
     is closed. Confirm the intended lifetime.
     NOTE(review): none of the URLs in the filter chain shown in this file is under /admin,
     so the browser would not send this cookie to them. Confirm the path. -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg value="rememberMe"/>
    <property name="httpOnly" value="true"/>
    <property name="path" value="/admin"/>        
</bean>
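<!-- Remember-me support: the user's identity is serialized, encrypted with cipherKey and
     stored in the rememberMe cookie; on later requests the cookie is decrypted and
     deserialized again.
     The key is the only thing that stops a client from submitting a cookie of its own
     making, so it must be secret and unique to this deployment. It is therefore read from
     external configuration instead of being written into this file.
     "shiro.rememberMe.cipherKey" is a placeholder property name chosen for this example:
     define it (Base64 of a freshly generated random AES key) in the environment or in a
     properties source that is not committed to version control. A key that has ever been
     committed or posted publicly should be treated as compromised and rotated; rotating it
     simply invalidates existing remember-me cookies. -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
    <property name="cipherKey"  value="#{T(org.apache.shiro.codec.Base64).decode('${shiro.rememberMe.cipherKey}')}"/>
    <property name="cookie" ref="rememberMeCookie"/>
</bean>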
<!-- Session store: keeps active sessions in the cache named "shiro-activeSessionCache"
     and assigns ids with the UUID generator above. -->
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
    <property name="activeSessionsCacheName" value="shiro-activeSessionCache" />
    <property name="sessionIdGenerator" ref="sessionIdGenerator" />
</bean>
<!-- Project-specific Quartz scheduler that validates sessions every 1800000 ms (30 minutes).
     It references sessionManager, which in turn references this bean (circular reference
     resolved by Spring through property injection). -->
<bean id="sessionValidationScheduler" class="com.newtouch.starter.core.web.shiro.session.QuartzSessionValidationScheduler">
    <property name="sessionValidationInterval" value="1800000" />
    <property name="sessionManager" ref="sessionManager" />
</bean>
<!-- Shiro-native web session manager: sessions live in sessionDAO, are tracked through the
     "sid" cookie, and invalid sessions are deleted by the scheduled validation.
     globalSessionTimeout is 36000000 ms (10 hours).
     NOTE(review): a 10-hour timeout keeps a stolen or abandoned session id usable for a
     long time; confirm this is intended for the application's risk profile. -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="globalSessionTimeout" value="36000000" />
    <property name="deleteInvalidSessions" value="true" />
    <property name="sessionValidationSchedulerEnabled" value="true" />
    <property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
    <property name="sessionDAO" ref="sessionDAO" />
    <property name="sessionIdCookieEnabled" value="true" />
    <property name="sessionIdCookie" ref="sessionIdCookie" />
</bean>
<!-- Central Shiro SecurityManager: ties together the realm, the session manager, the shared
     cache manager and remember-me handling defined above. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
    <property name="realm" ref="userRealm" />
    <property name="sessionManager" ref="sessionManager" />
    <property name="cacheManager" ref="cacheManagerShiro" />
    <property name="rememberMeManager" ref="rememberMeManager"/>
</bean>
<!-- Calls SecurityUtils.setSecurityManager(securityManager) at startup, installing the
     manager as a JVM-wide static so SecurityUtils.getSubject() also works on threads that
     did not pass through the Shiro filter.
     NOTE(review): such threads get a Subject with no request or session bound to it; code
     that relies on this fallback should be checked for that case. -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager" />
    <property name="arguments" ref="securityManager" />
</bean>
<!-- Project-specific form login filter, registered as "authc" in shiroFilter below.
     It reads the username, password and rememberMe request parameters, sends unauthenticated
     users to /login.htm and successful logins to /index.htm.
     NOTE(review): Shiro's stock FormAuthenticationFilter lets requests for its own loginUrl
     through; confirm that AjaxFormAuthenticationFilter keeps that behaviour, because
     /login.htm is itself mapped to authc in the chain definitions.
     NOTE(review): in Spring Boot, a javax.servlet.Filter declared as a bean is normally also
     registered with the servlet container for all URLs, outside the Shiro chain, unless a
     FilterRegistrationBean disables it. Verify whether that applies to this filter and the
     other custom filters in this file. -->
<bean id="formAuthenticationFilter" class="com.newtouch.lion.web.shiro.filter.AjaxFormAuthenticationFilter">
    <property name="rememberMeParam" value="rememberMe"/>
    <property name="usernameParam" value="username" />
    <property name="passwordParam" value="password" />
    <property name="loginUrl"     value="/login.htm" />
    <property name="successUrl" value="/index.htm" />
</bean>
<!-- Project-specific filter configured with /loginerror.htm as its forced-logout target and
     the session cache manager as collaborator. It is registered in shiroFilter's filters map
     but not used by any chain definition shown in this file. -->
<bean id="forceLogoutFilter" class="com.newtouch.lion.web.shiro.filter.ForceLogoutFilter">
    <property name="forceLogoutUrl" value="/loginerror.htm"/>
    <property name="sessionCacheManager" ref="sessionCacheManager"/>
</bean>
<!-- Project-specific session control filter, configured with maxSession=1 and
     /loginerror.htm as forced-logout target; presumably it limits concurrent sessions per
     user (class not shown, confirm).
     NOTE(review): this bean is not listed in shiroFilter's filters map and no chain
     definition in this file refers to it. Confirm whether the concurrent-session limit is
     actually enforced anywhere. -->
<bean id="sessionControlFilter" class="com.newtouch.lion.web.shiro.filter.SessionControllerFilter">
    <constructor-arg index="0" ref="cacheManagerShiro" />
    <property name="sessionManager" ref="sessionManager"/>
    <property name="maxSession" value="1"/>
    <property name="forceLogoutUrl" value="/loginerror.htm"/>
    <property name="forceLogoutAfter" value="true"/>
</bean>
<!-- Project-specific helper built on the shared cache manager; injected into the
     force-logout and logout filters. -->
<bean id="sessionCacheManager" class="com.newtouch.lion.web.shiro.cache.SessionCacheManager">
    <property name="cacheManager" ref="cacheManagerShiro"/>
</bean>
<!-- Project-specific logout filter, mapped to /logout.htm in the chain definitions;
     it redirects to /login.htm afterwards and is given the session cache manager. -->
<bean id="logoutFilter" class="com.newtouch.lion.web.shiro.filter.LogoutSessionFilter">
    <property name="redirectUrl"  value="/login.htm"/>
    <property name="sessionCacheManager" ref="sessionCacheManager"/>
</bean>
<!-- Project-specific permission filter, registered under the "perms" key in shiroFilter,
     where it takes the place of Shiro's built-in filter of that name. -->
<bean id="ajaxPermissions" class="com.newtouch.lion.web.shiro.filter.AjaxPermissionshorizationFilter"/>
<!-- The Shiro servlet filter. Sets the global login, success and unauthorized URLs,
     registers the custom filters under the names used in chain definitions, and takes its
     URL-to-filter mapping from filterChainDefinitionManager.
     The util:map element needs the Spring "util" namespace declared on the root element,
     which is outside this excerpt.
     Of the four registered names, only "authc" and "logoutFilter" appear in the chain
     definitions shown in this file. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager" />
    <property name="loginUrl" value="/login.htm" />
    <property name="unauthorizedUrl" value="/unauthorized.htm" />
    <property name="successUrl" value="/index.htm"/>
    <property name="filters">
        <util:map>
            <entry key="authc" value-ref="formAuthenticationFilter" />
            <entry key="forceLogoutFilter" value-ref="forceLogoutFilter"/>
            <entry key="logoutFilter" value-ref="logoutFilter"/>
            <entry key="perms" value-ref="ajaxPermissions"/>
        </util:map>
    </property>
    <property name="filterChainDefinitionMap" ref="filterChainDefinitionManager"/>
</bean>
<!-- URL pattern to filter mapping, supplied through a project-specific manager class.
     In Shiro the first matching pattern decides, so the specific entries must stay above
     the closing "/** = authc" catch-all.
     NOTE(review): /unauthorized.htm is listed twice, once as anon and once as authc. Which
     one takes effect depends on how ShiroFilterChainDefinitionManager parses the text (a
     map-based parser would let the later authc entry replace the earlier anon one). Keep
     only the intended entry; an error page that itself requires login can contribute to
     redirect problems.
     NOTE(review): /login.htm is mapped to authc. This only works if the custom authc filter
     passes unauthenticated requests for its own loginUrl through, as the stock filter does;
     if it does not, the login page redirects to itself.
     NOTE(review): /rest/** and /ws/** are anon, so Shiro performs no authentication on the
     whole REST and web-service surface. Confirm that those endpoints enforce their own
     authentication and authorization, or narrow the patterns. -->
<bean  id="filterChainDefinitionManager" class="com.newtouch.starter.core.web.shiro.chain.ShiroFilterChainDefinitionManager">
    <property name="filterChainDefinitions">
        <value>
            /rest/** = anon
            /ws/** = anon
            /resources/** = anon
            /unauthorized.htm =anon
            /loginerror.htm=anon
            /i18n/language.htm = anon
            /login.htm = authc
            /unauthorized.htm = authc
            /logout.htm=logoutFilter
            /** = authc
        </value>
    </property>
</bean>
<!-- Lets Spring drive the init() and destroy() lifecycle callbacks of Shiro beans. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />

The login page, which submits the "username" and "password" fields, has already been added to the project.

If anyone who understands how Shiro works notices that another config file is needed, I will provide it.

Any help would be very appreciated. Thank you.
