The filter below works fine just fine with login.jsp...redirects when its
supposed to....shiro tags in that page pickup no problem
<filter>
<filter-name>Shiro</filter-name>
<filter-class>
org.apache.shiro.web.servlet.IniShiroFilter
</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
[main]
#securityManager.sessionMode = native
authcRealm = my.security.WebRealm
lookedUpRealm = my.security.WebRealm
authc.loginUrl = /login.jsp
securityManager.realms = $lookedUpRealm
[urls]
/secure/** = authc
/login.jsp = authc
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Shiro</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If I change the urls:
/secure/** = authc
/login.jsp = authc
/index.jsp = authc
This does not work. I cannot just go to index.jsp and login...my auth
realm code is never even called. Redirects/logins to login.jsp continue to
work and if I go back to index.jsp, then shiro tags pick up that I am
actually logged in, but I just cannot actually log in at index.jsp.
login.jsp and index.jsp contain the exact same form element:
<form name="loginForm" action="" method="post">
<shiro:guest>
You are not currently logged in
</shiro:guest>
<BR/>
Username:<input type="text" name="username" maxlength="30"
style="height:10px">
<BR/>
Password:<input type="password" name="password" maxlength="30"
style="height:10px">
<BR/>
<input type="submit" name="submit">
</form>
On Tue, Jan 31, 2012 at 3:39 PM, Les Hazlewood <[email protected]>wrote:
> If you get stuck, please share your existing relevant config.
>
> Cheers,
>
> Les
>
> On Wed, Feb 1, 2012 at 5:39 AM, Chris Richmond <[email protected]>
> wrote:
> > Ok I tried that first approach, simply adding another entry to the urls,
> > since I was fine with one redirected login page, however that page never
> > seemed to actually authenticate me even though the form on it uses
> identical
> > params.
> >
> > If this should work, in theory, then I need to take a closer look.
> >
> > Thanks
> >
> >
> > On 1/31/2012 3:26 PM, Les Hazlewood wrote:
> >>
> >> Sure, you can do this, as long as the form parameter names are the
> >> same (username, password, rememberMe). You just need to specify that
> >> the two different pages are filtered by the authc controller:
> >>
> >> [urls]
> >> /login.jsp = authc
> >> /anotherLoginPage.jsp = authc
> >>
> >> However, the authc controller only accepts a single login page for
> >> configuration:
> >>
> >> [main]
> >> authc.loginUrl = /login.jsp
> >>
> >> So if they're unauthenticated, that will be the page they're
> >> redirected to for login.
> >>
> >> If this doesn't meet your needs, you can also configure two of the
> >> FormAuthenticationFilters:
> >>
> >> [main]
> >> # use the default one
> >> authc.whatever = whatever
> >>
> >> # add and configure a 2nd FormAuthenticationController instance for
> other
> >> needs:
> >> authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
> >> ...
> >>
> >> [urls]
> >> /login.jsp = authc
> >> /login2.jsp = authc2
> >>
> >> The default filters automatically available in the [main] section are
> >> just some beans provided by default - you can configure as many as you
> >> like, like any other object.
> >>
> >> HTH,
> >>
>
