FormAuthenticationFilter basics question

[jhericks]

I can find plenty of examples that show how to configure a URL to use the
authc filter, but I cannot find any examples of a simple login page that
would be appropriate.  I am using Spring integration to Shiro, but I don't
think that has anything to do with my problem.

>From reading the documentation, I set up my filter factory like this:
        <bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
                <property name="loginUrl" value="/login.jsp" />
                <property name="successUrl" value="/Reports.jsp" />
                <property name="securityManager" ref="securityManager" />
                <property name="filterChainDefinitionMap">
                        <map>
                                <entry key="/ws/**" value="authc" />
                                <entry key="/Reports.jsp" value="authc" />
                                <entry key="/**" value="anon" />
                        </map>
                </property>
        </bean>

I'll spare you the entire xml file.  I can tell that it's picking up the
right filter, because when I do this:
* curl -v localhost:8080/factorlab-web/Reports.jsp
I get this response:
< HTTP/1.1 302 Found
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=19gdgnmukynb3;Path=/factorlab-web
< Location:
http://localhost:8080/factorlab-web/login.jsp;jsessionid=19gdgnmukynb3
< Content-Length: 0
< Server: Jetty(6.1.21)
< 

So far, so good, right? However, if I submit the username and password, I
should get the content of Reports.jsp, right?  I don't.  If I do this:
* curl -v -d "username=demo&password=demo&rememberMe=false"
http://localhost:8080/factorlab-web/Reports.jsp

I get the same response as before: 
< HTTP/1.1 302 Found
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=qnidg37bqo9f;Path=/factorlab-web
< Location:
http://localhost:8080/factorlab-web/login.jsp;jsessionid=qnidg37bqo9f
< Content-Length: 0
< Server: Jetty(6.1.21)
< 

Clearly I'm confused either about configuration or about how it's supposed
to work.  First, can anyone tell me just what I should expect from the
second curl command, or why I don't see what I'm expecting? 

Second, is there a small sample with a login.jsp (or similar) where I could
see what happens when a user:
* Goes explicitly to the login page
* Is automatically directed to the login page (e.g. logging in takes you
back to the original attempted page).
* Submits bad username and password from the login page.

-- 
View this message in context: 
http://shiro-user.582556.n2.nabble.com/FormAuthenticationFilter-basics-question-tp5854588p5854588.html
Sent from the Shiro User mailing list archive at Nabble.com.