Hi, is it wrong to assume that there is no possibility to use Shiro with its FormAuthenticationFilter to secure a 2nd filter mapped to the same url-pattern which serves the login form specified at authc.loginUrl?
The redirection to the loginUrl works fine but there seems to be a problem to get username and password on the POST to loginUrl. At least there is no authentication but always a redirection to the loginUrl again. I'm thinking of that the ShiroFilter has some problem with detecting loginUrl because this url is served by the next filter and so it doesn't exist at the time when ShiroFilter is running. The 2nd filter is a JSR311 implementation. I switched over to PassThruAuthenticationFilter and call a SecurityUtils.getSubject().login(token) in the code executed by the 2nd filter. This works. Another possibility would be, I guess, to use an only by ShiroFilter filtered JSP or servlet as loginUrl. Is my assumption at the beginning correct or could I also use FormAuthenticationFilter with any reconfiguration? Thanks Markus
