Will do.
BTW, I plan on submitting a complete tutorial for the things I have been
through with your help over the last 2 weeks. Securing Jetty web
application using Shiro forms auth and custom realms for authent/author
and my jersey/rest workarounds. Since I had to parse together stuff
from all over including yourself as a valuable resource. If you are
interested in having that for the site or just the forums.
Thanks,
Chris
On 1/31/2012 3:39 PM, Les Hazlewood wrote:
If you get stuck, please share your existing relevant config.
Cheers,
Les
On Wed, Feb 1, 2012 at 5:39 AM, Chris Richmond<[email protected]> wrote:
Ok I tried that first approach, simply adding another entry to the urls,
since I was fine with one redirected login page, however that page never
seemed to actually authenticate me even though the form on it uses identical
params.
If this should work, in theory, then I need to take a closer look.
Thanks
On 1/31/2012 3:26 PM, Les Hazlewood wrote:
Sure, you can do this, as long as the form parameter names are the
same (username, password, rememberMe). You just need to specify that
the two different pages are filtered by the authc controller:
[urls]
/login.jsp = authc
/anotherLoginPage.jsp = authc
However, the authc controller only accepts a single login page for
configuration:
[main]
authc.loginUrl = /login.jsp
So if they're unauthenticated, that will be the page they're
redirected to for login.
If this doesn't meet your needs, you can also configure two of the
FormAuthenticationFilters:
[main]
# use the default one
authc.whatever = whatever
# add and configure a 2nd FormAuthenticationController instance for other
needs:
authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
...
[urls]
/login.jsp = authc
/login2.jsp = authc2
The default filters automatically available in the [main] section are
just some beans provided by default - you can configure as many as you
like, like any other object.
HTH,
