Announcement Announcement Module
No announcement yet.
Spring Shiro HIbernate and mysql integration with jdbcrealm Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Shiro HIbernate and mysql integration with jdbcrealm

    Can somebody help me please, i was trying to solve this error that i get form the Apache tomcat
    ago 27, 2012 12:52:46 PM org.apache.catalina.core.StandardContext startInternal
    Grave: Error listenerStart
    so my web.xml is

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="" xmlns="" 
        xsi:schemaLocation="" id="WebApp_ID" version="2.5">
        <!-- Shiro Filter is defined in the spring application context: -->
      <display-name>Archetype Created Web Application</display-name>
    my applicationContext.xml is

    <?xml version="1.0" encoding="UTF-8"?>
    <beans ...>
        <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
            <property name="securityManager" ref="securityManager"/>
            <property name="loginUrl" value="/index.jsp"/>
            <property name="successUrl" value="/index.jsp"/>
            <property name="unauthorizedUrl" value="/unauthorized.jsp"/>
            <!-- The 'filters' property is usually not necessary unless performing an override, which we
                 want to do here (make authc point to a PassthruAuthenticationFilter instead of the
                 default FormAuthenticationFilter: -->
            <property name="filterChainDefinitions">
                    /auth/** = authc, roles[usuario]
                    /admin/** = authc, roles[administrador]
        <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
            <property name="url" value="jdbc:mysql://localhost:3306/zar"/>
            <property name="serverName" value="${jdbc.serverName}"/>
            <property name="user" value="${jdbc.user}"/>
            <property name="password" value="${jdbc.passwd}"/>
            <property name="databaseName" value="${jdbc.databaseName}"/>
       <!--<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
            <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
            <property name="url" value="jdbc:mysql://localhost:3306/zar"/>
            <property name="username" value="root"/>
            <property name="password" value="princesa123"/>
        <!-- Shiro's main business-tier object for web-enabled applications
             (use org.apache.shiro.web.mgt.DefaultWebSecurityManager instead when there is no web environment)-->
        <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
            <!-- Single realm app (realm configured next, below).  If you have multiple realms, use the 'realms'
          property instead. -->
            <property name="realm" ref="zarRealm"/>
            <!--Uncomment this next property if you want heterogenous session access or clusterable/distributable
                 sessions.  The default value is 'http' which uses the Servlet container's HttpSession as the underlying
                 Session implementation. 
            <property name="sessionMode" value="native"/> -->
        <!-- Post processor that automatically invokes init() and destroy() methods -->
        <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
        <bean id="zarRealm" class="com.catani.realm.zarRealm">
            <property name="dataSource" ref="dataSource"/>
    and my realm is

    public class zarRealm extends JdbcRealm {
        protected static final String DEFAULT_AUTHENTICATION_QUERY = "select password from zar_cuenta where email = ?";
        protected static final String DEFAULT_USER_ROLES_QUERY = "select nombre_rol from zar_cuenta_rol zcr,zar_cuenta zc where = zc.id_rol and ?";
        protected static final String DEFAULT_PERMISSIONS_QUERY = "select permission from roles_permissions where role_name = ?";
        private static final Logger log = LoggerFactory.getLogger(zarRealm.class);
        protected DataSource dataSource;
        protected String authenticationQuery = DEFAULT_AUTHENTICATION_QUERY;
        protected String userRolesQuery = DEFAULT_USER_ROLES_QUERY;
        protected String permissionsQuery = DEFAULT_PERMISSIONS_QUERY;
        protected boolean permissionsLookupEnabled = false;
        public void setDataSource(DataSource dataSource) {
        this.dataSource = dataSource;
        public void setAuthenticationQuery(String authenticationQuery) {
            this.authenticationQuery = authenticationQuery;
        public void setUserRolesQuery(String userRolesQuery) {
            this.userRolesQuery = userRolesQuery;
        public void setPermissionsQuery(String permissionsQuery) {
        this.permissionsQuery = permissionsQuery;
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            UsernamePasswordToken upToken = (UsernamePasswordToken) token;
            String username = upToken.getUsername();
            // Null username is invalid
            if (username == null) {
                throw new AccountException("Null usernames are not allowed by this realm.");
            Connection conn = null;
            AuthenticationInfo info = null;
            try {
                conn = dataSource.getConnection();
                String password = getPasswordForUser(conn, username);
                if (password == null) {
                    throw new UnknownAccountException("No account found for user [" + username + "]");
                info = buildAuthenticationInfo(username, password.toCharArray());
            } catch (SQLException e) {
                final String message = "There was a SQL error while authenticating user [" + username + "]";
                if (log.isErrorEnabled()) {
                    log.error(message, e);
                // Rethrow any SQL errors as an authentication exception
                throw new AuthenticationException(message, e);
            } finally {
            return info;
        protected AuthenticationInfo buildAuthenticationInfo(String username, char[] password) {
            return new SimpleAuthenticationInfo(username, password, getName());
        private String getPasswordForUser(Connection conn, String username) throws SQLException {
            PreparedStatement ps = null;
            ResultSet rs = null;
            String password = null;
            try {
                ps = conn.prepareStatement(authenticationQuery);
                ps.setString(1, username);
                // Execute query
                rs = ps.executeQuery();
                // Loop over results - although we are only expecting one result, since usernames should be unique
                boolean foundResult = false;
                while ( {
                    // Check to ensure only one row is processed
                    if (foundResult) {
                        throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
                    password = rs.getString(1);
                    foundResult = true;
            } finally {
            return password;
    what can i do to get the shiro and spring integration with jdbcrealm, hibernate and mysql...