I've developed a test web app that duplicates the functionality of the example web app at http://svn.apache.org/repos/asf/shiro/trunk/samples/web without using JSP, Maven or a web.xml configuration file. It's an Eclipse Java project that uses the Jetty embedded model with Shiro.
Here is a debug trace of the Request/Response flow that shows the problem:

2011-07-10 21:12:23 log [DEBUG] REQUEST /index.html on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@[email protected]:80<->127.0.0.1:1364
2011-07-10 21:12:23 log [DEBUG] scope null||/index.html @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:23 log [DEBUG] RESPONSE /index.html 200
2011-07-10 21:12:34 log [DEBUG] REQUEST /ams/login.html on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@[email protected]:80<->127.0.0.1:1364
2011-07-10 21:12:34 log [DEBUG] scope null||/ams/login.html @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:34 log [DEBUG] context=/ams||/login.html @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:34 log [DEBUG] Got Session ID ko6d1o5558ws1191di9twoh2f from cookie
2011-07-10 21:12:34 log [DEBUG] sessionManager=org.eclipse.jetty.server.session.HashSessionManager@d0a5d9
2011-07-10 21:12:34 log [DEBUG] session=org.eclipse.jetty.server.session.HashSessionManager$HashedSession:ko6d1o5558ws1191di9twoh2f@3098834
2011-07-10 21:12:34 log [DEBUG] servlet /ams||/login.html -> null
2011-07-10 21:12:34 log [DEBUG] RESPONSE /ams/login.html 304
2011-07-10 21:12:38 log [DEBUG] closed org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@[email protected]:80<->127.0.0.1:1373
2011-07-10 21:12:40 log [DEBUG] REQUEST /ams/main on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@[email protected]:80<->127.0.0.1:1364
2011-07-10 21:12:40 log [DEBUG] scope null||/ams/main @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:40 log [DEBUG] context=/ams||/main @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:40 log [DEBUG] Got Session ID ko6d1o5558ws1191di9twoh2f from cookie
2011-07-10 21:12:40 log [DEBUG] sessionManager=org.eclipse.jetty.server.session.HashSessionManager@d0a5d9
2011-07-10 21:12:40 log [DEBUG] session=org.eclipse.jetty.server.session.HashSessionManager$HashedSession:ko6d1o5558ws1191di9twoh2f@3098834
2011-07-10 21:12:40 log [DEBUG] servlet /ams|/main|null -> com.ams.MainServlet-25396707
2011-07-10 21:12:40 log [DEBUG] chain=
2011-07-10 21:12:40 log [DEBUG] call filter org.apache.shiro.web.servlet.IniShiroFilter-11468767
2011-07-10 21:12:40 log [DEBUG] RESPONSE /ams/main 302
2011-07-10 21:12:40 log [DEBUG] REQUEST /ams/login.html on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@[email protected]:80<->127.0.0.1:1364
2011-07-10 21:12:40 log [DEBUG] scope null||/ams/login.html @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:40 log [DEBUG] context=/ams||/login.html @ o.e.j.s.ServletContextHandler{/ams,null}
2011-07-10 21:12:40 log [DEBUG] Got Session ID ko6d1o5558ws1191di9twoh2f from cookie
2011-07-10 21:12:40 log [DEBUG] sessionManager=org.eclipse.jetty.server.session.HashSessionManager@d0a5d9
2011-07-10 21:12:40 log [DEBUG] session=org.eclipse.jetty.server.session.HashSessionManager$HashedSession:ko6d1o5558ws1191di9twoh2f@3098834
2011-07-10 21:12:40 log [DEBUG] servlet /ams||/login.html -> null
2011-07-10 21:12:40 log [DEBUG] RESPONSE /ams/login.html 304

Here are the contents of my shiro.ini file:

#=====================================
[main]
authc.loginUrl = /login.html

[users]
# format: username = password, role1, role2, ..., roleN
root = secret,admin
guest = guest,guest
presidentskroob = 12345,president
darkhelmet = ludicrousspeed,darklord,schwartz
lonestarr = vespa,goodguy,schwartz

[roles]
# format; roleName = permission1, permission2, ..., permissionN
admin = *
schwartz = lightsaber:*
goodguy = winnebago:drive:eagle5

[urls]
/index.html = anon
/login.html = authc
/main/** = authc, roles[goodguy]
/recovery = anon
#==================================

Here is my main Java application code:

package com.ams;

import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.ResourceHandler;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.apache.shiro.web.servlet.IniShiroFilter;

public class AmsServer {
    public static void main(String[] args) throws Exception {
        Server server = new Server();
        SelectChannelConnector connector = new SelectChannelConnector();
        connector.setPort(80);
        connector.setMaxIdleTime(30000);
        connector.setRequestHeaderSize(8192);
        SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
        String jetty_home = System.getProperty("jetty.home","C:/jetty-hightide-7.4.2.v20110526");
        System.setProperty("jetty.home",jetty_home);
        ssl_connector.setPort(443);
        SslContextFactory cf = ssl_connector.getSslContextFactory();
        cf.setKeyStore(jetty_home + "/etc/keystore");
        cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
        cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
        server.setConnectors(new Connector[]{ connector, ssl_connector });
        ResourceHandler resource_handler = new ResourceHandler();
        resource_handler.setDirectoriesListed(true);
        resource_handler.setWelcomeFiles(new String[]{ "index.html" });
        resource_handler.setResourceBase(".");
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/ams");
        context.addServlet(new ServletHolder(new MainServlet()), "/main");
        context.addServlet(new ServletHolder(new RecoveryServlet()),"/recovery");
        /* setup shiro */
        AbstractShiroFilter filter = new IniShiroFilter();
        filter.setServletContext(context.getServletContext());
        context.addFilter( new FilterHolder(filter) , "/*", 0);
        /* end setup shiro */
        HandlerList handlers = new HandlerList();
        handlers.setHandlers(new Handler[] { context, resource_handler, new DefaultHandler()});
        server.setHandler(handlers);
        server.start();
        server.join();
    }
}

Lastly, here is my login.html page:

<html>
<head><title>Login</title></head>
<body>
<form name="loginform" action="/ams/main" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
  <tr>
    <td>Username:</td>
    <td><input type="text" name="username" maxlength="30"></td>
  </tr>
  <tr>
    <td>Password:</td>
    <td><input type="password" name="password" maxlength="30"></td>
  </tr>
  <tr>
    <td colspan="2" align="left"><input type="checkbox" name="rememberMe"><font size="2">Remember Me</font></td>
  </tr>
  <tr>
    <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>

Thanks in advance,
James
