This article is reproduced from serverfault.com.

How to extract session value from Apache Shiro login form?

Posted on 2020-11-29 02:20:01

I have a login form that gets redirected to a servlet upon success. I am using Apache Shiro for authentication and I am trying to extract the username submitted by my form so I can use it in my servlet. I'm wondering if Shiro already has these values stored in a session. If so, how do I extract these so I can use them in my servlet? I have tried putting a form action on my form and extracting the username using request.getParameter("username") in my servlet, but it doesn't seem to work when using Shiro. I have read the Shiro documentation and read similar questions also. I'm still unsure about where to actually configure and extract session variables. Is it in shiro.ini or in my servlet?

shiro.ini

jdbcRealm= org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = SELECT role from userroles where userID = (select id FROM user WHERE username = ?)
;jdbcRealm.permissionsQuery  = ??????

ds = com.mysql.cj.jdbc.MysqlDataSource
ds.serverName = localhost
ds.user = root
;ds.password = shiro
ds.databaseName = shiro
jdbcRealm.dataSource= $ds

passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 5000

authc.loginUrl = /login.jsp
authc.usernameParam = username
authc.passwordParam = password
;authc.rememberMeParam = rememberMe
authc.successUrl = /secret/SecretStockServlet
logout.redirectUrl = /login.jsp

[urls]
/login.jsp = authc 
/secret/** = authc 
/logout = logout

Log in Form

<form name="loginform" id="loginform" method="post">
    <div class="container">
        <h1>Log in</h1>
        <p>Please fill in this form to log in.</p>
        <hr>

        <label for="username"><b>Email</b></label>
        <input type="text" placeholder="Enter Email" name="username" id="username" required>

        <label for="password"><b>Password</b></label>
        <input type="password" placeholder="Enter Password" name="password" id="password" required>
        <hr>

        <button type="submit" class="loginbtn">Log in</button>
    </div>

    <div class="container signin">
        <p>Need to register? <a href="register.jsp">Sign up</a>.</p>
    </div>
</form>

/secret/SecretStockServlet

protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    String address;
    try {

        List<SalesStock> list = stockRepository.getAllSalesStock();
        address = "/secret/stock.jsp";

        Subject currentUser = SecurityUtils.getSubject();
        Session session = (Session) currentUser.getSession();

        request.setAttribute("list", list);

    } catch (Exception ex) {
        address = "/error.jsp";
    }

    RequestDispatcher dispatcher = request.getRequestDispatcher(address);
    dispatcher.forward(request, response);
}
Questioner: Will Mannix
Brian Demers 2020-11-30 23:55:47

If you are using JSPs you could use the Shiro Tag lib

OR

Calling request.getUserPrincipal().getName() should return the Subject's username.

OR

You can likely get the info you need from calling Subject.getPrincipal() too, though this depends on the implementation of your realms.
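
The servlet-side lookup discussed in the answer above, as an added example that is not part of the original question or answer. It assumes the `javax.servlet` API and the `JdbcRealm` from the question's shiro.ini; the class name `WhoAmIServlet` and the helper `currentUsername` are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

// Hypothetical servlet; map it under /secret/** so Shiro's authc filter runs before it.
public class WhoAmIServlet extends HttpServlet {

    // Returns the authenticated username, or null when the request has no logged-in Subject.
    static String currentUsername(Subject subject) {
        // A remembered Subject (rememberMe cookie) is recognised but has not proven its
        // identity in this session, so require isAuthenticated() for protected data.
        if (subject == null || !subject.isAuthenticated()) {
            return null;
        }
        Object principal = subject.getPrincipal();
        // JdbcRealm stores the submitted username (a String) as the primary principal.
        // A custom realm may store its own type, so avoid a blind cast to String.
        return principal == null ? null : principal.toString();
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The login POST is consumed by the authc filter, which then redirects to
        // successUrl. This request is a fresh GET, so getParameter("username") is null.
        String username = currentUsername(SecurityUtils.getSubject());
        if (username == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Take identity from the Subject, never from a client-supplied parameter.
        // Escape the value when rendering it in the JSP (for example with <c:out>).
        request.setAttribute("username", username);
        request.getRequestDispatcher("/secret/stock.jsp").forward(request, response);
    }
}
```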