I am using Apache Shiro 1.2.3 on Glassfish 4.1 now. Before I ran my app on IBM Websphere 8.5.
If I try to access the protected directories on Glassfish, I get the following error:
ERR_TOO_MANY_REDIRECTS
Sure - if I am not logged in, I should be forwarded to the login page. But there seems to be a problem. Here is my shiro.ini (a bit disguised):
[main]
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password FROM Users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role FROM Users WHERE username = ?
ds = org.postgresql.ds.PGPoolingDataSource
ds.serverName = 159.XX.XX.XX:54XX
ds.user = coXXXX
ds.password = q3XXXX
ds.databaseName = coXXXX
jdbcRealm.dataSource= $ds
authc.loginUrl = /backend
authc.successUrl = /backend/dashboard
user.loginUrl = /backend
passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = XXXX
multipleroles = com.travelagent.filters.MultipleRolesAuthorizationFilter
[urls]
/backend = authc
/backend/logout = logout
/member/** = user, multipleroles["admin", "guest"]
/backend/** = user, roles[admin]
For handsome URLs I am using PrettyFaces.