I can not pass values from my login form to backing bean to authenticate user by apache shiro in my web app. Does anybody know why?
shiro.ini
[main]
authc.loginUrl = /login.jsf
authc.successUrl = /pages/welcome.jsf
[users]
admin = 1234
[urls]
/login.jsf = authc
/pages/** = authc
login.xhtml
<ui:define name="content">
<div id="login_form">
<h:form prependId="false">
<center>
<h1>Sign in <p:link value="or create an account" outcome="registration" style="color: #0A9CE5; text-decoration: none;" /></h1>
<table>
<tr>
<td><p:inputText id="username" value="#{shiroLoginBean.username}" placeholder="Login" required="true" /></td>
</tr>
<tr>
<td><p:password id="password" value="#{shiroLoginBean.password}" placeholder="Password" required="true" /></td>
</tr>
</table>
</center>
<p:commandButton value="Sign in" action="#{shiroLoginBean.doLogin}" />
</h:form>
</div>
BEAN:
package utils.security;
import java.io.IOException;
import java.io.Serializable;
import javax.ejb.Stateless;
import javax.faces.bean.ViewScoped;
import javax.faces.context.FacesContext;
import javax.inject.Named;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Named("shiroLoginBean")
@Stateless
@ViewScoped
public class ShiroLoginBean implements Serializable {
private static final long serialVersionUID = 1L;
private static final Logger log = LoggerFactory.getLogger(ShiroLoginBean.class);
private String username;
private String password;
public ShiroLoginBean() {
}
/**
* Try and authenticate user.
*/
public void doLogin() {
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(getUsername(), getPassword());
try {
subject.login(token);
FacesContext.getCurrentInstance().getExternalContext().redirect("pages/welcome.jsf");
} catch (UnknownAccountException ex) {
log.error(ex.getMessage(), ex);
} catch (IncorrectCredentialsException ex) {
log.error(ex.getMessage(), ex);
} catch (LockedAccountException ex) {
log.error(ex.getMessage(), ex);
} catch (AuthenticationException | IOException ex) {
log.error(ex.getMessage(), ex);
} finally {
token.clear();
}
}
//~ Setters and Getters
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
}
Problem is on this row... UsernamePasswordToken token = new UsernamePasswordToken(getUsername(), getPassword()); ... getUsername and getPassword is always null. Thank you so much for answer!!
Your @ViewScoped
import is wrong - since you use @Named
(meaning its a CDI bean) you should use
import javax.faces.view.ViewScoped;
Since you omitted a relevant scope you'll get @Dependent
scope, which I've never seen the use for but its very short lived (inputs will be bound to one bean, but when doLogin() runs it will be in a new one).