Hiya, It sounds like you're trying to ensure that the path is accessible to known users only - either those that are currently authenticated, or who are remembered from a previous login.
If that is the case, I would use the existing org.apache.shiro.web.filter.authc.UserFilter For example, in shiro.ini: [urls] ... /usersOnly/** = user Is that what you were looking for? Cheers, Les On Tue, Sep 7, 2010 at 11:59 PM, slott <[email protected]> wrote: > > Thanks for the reply. > > I understand the design decision now. It was made quite clear with the > Amazon.com example. But there are web applications where it makes more > sense to authenticate users simply based on the cookie (like the intranet > site I am working on now). > > From what I can see there is no simple parameter to change this behavior. > How would I best go about making it? > > Would you recommend extending FormAuthenticationFilter to issue a > issueSuccessRedirect when user is remembered? Or is extending the > PassThruAuthenticationFilter the way to go. > And then setting > authc = MyFilterThatExtendsAnother > in ini file? > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/RememberMe-not-granting-access-to-secure-area-tp5502220p5509388.html > Sent from the Shiro User mailing list archive at Nabble.com. >
