The 'authc' filter is an instance of the FormAuthenticationFilter class by default. This means it is expected that the underlying page that is served has a form in it, and that form has 'username' and 'password' form fields and an optional 'rememberMe' field.
The FormAuthenticationFilter will automatically look for those form fields, construct a UsernamePasswordToken accordingly, and call subject.login(token) automatically. You don't need to write a servlet or JSP to do that logic. You just need to ensure that the form is served - either via a normal .html page or a JSP/JSF or whatever page.

Now, if you _do_ want to process the submission yourself (construct the token and call subject.login manually), because you want to use your own MVC framework, or to customize how error messages are displayed, or for whatever other reason, you should use the PassThruAuthenticationFilter instead:

[main]
...
# override authc to 'pass thru' to an underlying MVC mechanism:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /login.whatever
roles.unauthorizedUrl = /unauthorized.whatever

[urls]
/secure/** = authc, roles[user]
/admin/** = authc, roles[admin]
/** = authc

Regards,

--
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Tue, Oct 5, 2010 at 2:23 AM, pkerrigan <[email protected]> wrote:
>
> Hi Kalle,
>
> thanks for the pointer. I think now it must be a problem of configuration,
> not Icefaces.
>
> My working example program had a public home page and a secure area, but I
> want to restrict access to ALL pages in my Icefaces application. To do this
> I added /** = authc to the url section as shown below.
>
> When I do this to my working example program it stops working in the same
> way as with the Icefaces webapp, even though I have added the /login.jsp =
> authc line.
>
> What is the correct way to restrict access to all pages?
>
>
> [filters]
> authc.loginUrl = /login.jsp
> roles.unauthorizedUrl = /unauthorized.jsp
>
> [urls]
> /login.jsp = authc
> /secure/** = authc, roles[user]
> /admin/** = authc, roles[admin]
> /** = authc
>
>
> -----
> regards,
> Philip Kerrigan
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Using-Shiro-with-Icefaces-tp5600653p5602443.html
> Sent from the Shiro User mailing list archive at Nabble.com.
