ERR_TOO_MANY_REDIRECTS with Shiro on Glassfish

Question

I am using Apache Shiro 1.2.3 on Glassfish 4.1 now. Before I ran my app on IBM Websphere 8.5.

If I try to access the protected directories on Glassfish, I get the following error:

ERR_TOO_MANY_REDIRECTS

Sure - if I am not logged in, I should be forwarded to the login page. But there seems to be a problem. Here is my shiro.ini (a bit disguised):

    [main]

jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password FROM Users WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role FROM Users WHERE username = ?

ds = org.postgresql.ds.PGPoolingDataSource
ds.serverName = 159.XX.XX.XX:54XX
ds.user = coXXXX
ds.password = q3XXXX
ds.databaseName = coXXXX
jdbcRealm.dataSource= $ds

authc.loginUrl = /backend
authc.successUrl = /backend/dashboard
user.loginUrl = /backend


passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = XXXX

multipleroles = com.travelagent.filters.MultipleRolesAuthorizationFilter

[urls]
/backend = authc
/backend/logout = logout
/member/** = user, multipleroles["admin", "guest"]
/backend/** = user, roles[admin]

For handsome URLs I am using PrettyFaces.

Disable PrettyFaces and retry, just to exclude it from being the cause. If it works, then you should know how to ask the right question. — BalusC, Aug 16 '15 at 16:17
**java.lang.NullPointerException** javax.el.ELException: java.lang.NullPointerException at com.sun.el.parser.AstValue.invoke(AstValue.java:293) at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:304) at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40) at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50) **...** — Marcel, Aug 18 '15 at 18:56
.... **Caused by: java.lang.NullPointerException** at org.apache.shiro.crypto.hash.SimpleHash.hash(SimpleHash.java:229) at org.apache.shiro.crypto.hash.SimpleHash.(SimpleHash.java:178) at org.apache.shiro.crypto.hash.SimpleHash.(SimpleHash.java:117) at org.apache.shiro.crypto.hash.Sha256Hash.(Sha256Hash.java:46) at **com.travelagent.faces.LoginController.loginUser(LoginController.java:84)** at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at ... — Marcel, Aug 18 '15 at 18:56
and the method **@LoginController.java:84** does: `UsernamePasswordToken token = new UsernamePasswordToken(username, new Sha256Hash(password).toHex());` — Marcel, Aug 18 '15 at 19:00
EXACTLY - since moving from WebSphere to Glassfish I've missed the correct annotations. @BalusC you are incredible ... — Marcel, Aug 18 '15 at 19:30
it's just a warning, but do you know how to solve that? Probably it is a Shiro issue: `Parameter 1 of type java.lang.Class extends org.apache.shiro.authc.AuthenticationToken> from public void org.apache.shiro.realm.AuthenticatingRealm.setAuthenticationTokenClass(java.lang.Class extends org.apache.shiro.authc.AuthenticationToken>) is not resolvable to a concrete type.` — Marcel, Aug 18 '15 at 19:32
It's recognizable as a Weld warning. When Weld (auto)registers a class as a CDI managed bean (candidate), it will inspect all public/protected methods to prepare a proxy. However, a wildcard-parameterized method argument or return type can't be proxied, so the method will be discarded. This is harmless and only helpful when it concerns your own codebase so you could if necessary fix that. Best what you could do is to exclude Shiro API from being scanned as CDI managed bean candidates via `` in `beans.xml`. Related: http://stackoverflow.com/q/29249204 But .. this is off topic ;) — BalusC, Aug 18 '15 at 19:39

ERR_TOO_MANY_REDIRECTS with Shiro on Glassfish

0 Answers0