Search code examples
javasecurityweb-applicationsshiro

Web-Application Security with Apache Shiro Configuration Problems

I decided to use Shiro to secure my webapplication. I use a tomcat app server, maven, hibernate and jsf. Now I tried to configure Shiro but got some problems.

Here are my files:

---POM.xml---

            <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-core</artifactId>
                    <version>1.0.0-incubating</version>
            </dependency>
            <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-web</artifactId>
                    <version>1.0.0-incubating</version>
            </dependency>
            <dependency>
                    <groupId>org.apache.shiro</groupId>
                    <artifactId>shiro-aspectj</artifactId>
                    <version>1.0.0-incubating</version>
            </dependency>

---web.xml---

 <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>
      javax.faces.webapp.FacesServlet
    </servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
  </servlet-mapping>

  <welcome-file-list>
    <welcome-file>welcome.xhtml</welcome-file>
  </welcome-file-list>

  <filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
    <init-param>
    <param-name>config</param-name>
            <param-value>

                  [main]

                  myrealm = com.misPartidos.web.MyRealm

         </param-value>

    </init-param>
        </filter>

        <filter-mapping>
            <filter-name>SecurityFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

If I deploy to the server I get this error message:

ERROR: Exception starting filter ShiroFilter
java.lang.ClassNotFoundException: org.apache.shiro.web.servlet.IniShiroFilter
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1645)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1491)
        at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:269)
        at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
        at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
        at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4001)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4651)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
30.07.2010 10:14:34 org.apache.catalina.core.StandardContext start
ERROR: Error filterStart

Where is my mistake? Do I need to implemnt something else as well? Thank you for help Sven

Additional

I thought a bit about the problem. I think the key is to set the realm. But to test this framework I don't want to add a database or ldap. I need an easy solution...

Update

I changed the web.xml as follows:

<init-param>
    <param-name>config</param-name>
        <param-value>

        [main]

        [users]

        tom = secret, admin
        paul = secret, user

        [roles]

        admin = *
        user = *

         </param-value>

    </init-param>

But the error remains the same :-/

Solution

  • The problem is not related to the INI configuration or your Realm definition. It is because the org.apache.shiro.web.servlet.IniShiroFilter class is not in the classpath. This class is in the shiro-web-1.0.0-incubating.jar file (no snapshot needed). Ensure that your POM dependencies list it correctly.

    Also, in your project's web module, run 'mvn install'. Then look in the 'target' directory and you should see the built .war file. On the command line, run 'jar tf my-war-file.war'. As long as you see the shiro-web-1.0.0-incubating.jar file in /WEB-INF/lib, that is all that is required.

    Cheers,

    Les

    (Apache Shiro team)