Hi, For the "authc.loginUrl", you have to set up something because it's the url that will be called when a user tries to access a protected area and it's still possible for a user to directly call a protected url. You can by example choose a default page with the embbeded login form or create a specific login page.
The "roles.unauthorizedUrl" configuration is dedicated to the use case where users are authenticated but don't have the right roles. It depends on your realm : are your sure this use case won't happen (users always granted a default role which is checked in roles filter) ? If so, drop it; if not, you will need to configure a specific page for this use case. Best regards, Jérôme -- View this message in context: http://shiro-user.582556.n2.nabble.com/login-into-application-without-dedicated-login-page-using-shiro-API-tp7577620p7577661.html Sent from the Shiro User mailing list archive at Nabble.com.
