Apache Shiro: authenticate with username / password but store user id as principal

I am starting out with Apache Shiro. I started with simple examples and am adding complexity as I go.

I am currently collecting email address and password from the login form using JSF and using UsernamePasswordToken to authenticate the user using Shiro.

UsernamePasswordToken token = new UsernamePasswordToken(email, password);
SecurityUtils.getSubject().login(token);

This is backed by a JDBC realm with a simple query:

jdbcRealm.authenticationQuery = SELECT password FROM user WHERE email = ?

To get more detailed information about the user, for example their name, I look the user up in the database by the principal, which is their email address.

currentUser = userDAO.findByEmail((String) SecurityUtils.getSubject().getPrincipal());


try{
    // Lookup the user by email
    User user = userDAO.findByEmail(email);

    // If no match we can't authenticate
    if(user == null){
        throw new AuthenticationException();
    }

    // Else, build a token with the user id and password
    UsernamePasswordToken token = new UsernamePasswordToken(user.getUserId().toString(), password);

    // Attempt to login
    SecurityUtils.getSubject().login(token);

}catch(AuthenticationException ex){
    return false;
}

My UserDAO bean javax.persistence.NoResultException null.

shiro.ini jdbcRealm.authenticationQuery ( , MySQL)

jdbcRealm.authenticationQuery = SELECT password FROM user WHERE user_id = CAST(? AS UNSIGNED)


currentUser = userDAO.findByUserId(Integer.parseInt((String) SecurityUtils.getSubject().getPrincipal()));
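Another way to end up with the user id as the principal, shown as an added example that is not part of the original answer: a custom realm that takes the email from the token and returns the id in its AuthenticationInfo, so the login code keeps passing the email. `EmailLoginRealm`, the nested `User`/`UserDAO` shapes and `getPassword()` are assumptions; the Shiro classes come from shiro-core.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.AuthenticatingRealm;

// Added example: the realm maps the submitted email to the user id, so
// Subject.getPrincipal() yields the id without a lookup before login().
public class EmailLoginRealm extends AuthenticatingRealm {

    // Hypothetical minimal shapes standing in for the page's User and UserDAO.
    public interface User {
        Integer getUserId();
        String getPassword();            // assumed accessor for the stored credential
    }

    public interface UserDAO {
        User findByEmail(String email);  // assumed to return null when nothing matches
    }

    private final UserDAO userDAO;

    public EmailLoginRealm(UserDAO userDAO) {
        this.userDAO = userDAO;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        // The token still carries the email typed into the login form.
        String email = ((UsernamePasswordToken) token).getUsername();
        User user = (email == null) ? null : userDAO.findByEmail(email);
        if (user == null) {
            // Subclass of AuthenticationException; callers should report the same
            // generic failure as for a wrong password.
            throw new UnknownAccountException();
        }
        // First argument becomes the Subject's principal. The realm's configured
        // CredentialsMatcher compares the submitted password with the second.
        return new SimpleAuthenticationInfo(user.getUserId(), user.getPassword(), getName());
    }
}
```

With this realm the principal is an `Integer`, so the later lookup needs a cast rather than `Integer.parseInt`.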
