Can you share your ini config? On Oct 31, 2011 8:01 AM, "Julien Muller" <[email protected]> wrote:
Hello, I am evaluating security solutions for a GWT application. I like the shiro approach since it seems simple and easy to plug to ldap, but I am afraid I did not really find working examples or tutorial about this context. I acknowledge you cannot use shiro classes from client side (javascript), but do not think this should be a problem. My understanding about what I should do (simple version with local users defined in shiro.ini): - Add IniShiroFilter to my web.xml - add shiro.ini with authc.loginUrl = login.html, users and urls. - Add a login.html page - I will handle rpc security afterwards passing credentials in my payload and perform server side validation for each call. Up to know, I can tell my shiro.ini is taken into account, the application can forward to login.html, but then nothing else is done. I have seen in this tutorial: http://www.brucephillips.name/blog/print.cfm?id=7766522C-3048-7B4D-A96E8EA958A8E540 that a custom servlet is implemented for login. It seems to me it should be handled automatically by shiro (or not?). Furthermore, shiro documentation let me believe that after login, the user will be automatically redirected to his original request page, which is definitely not the case during my tests. Any help or guidance would be appreciated. -- Best Regards, Julien
