Okay I am new to Shiro and I am having trouble understanding the difference between PassThruAuthenticationFilter and FormAuthenticationFilter
Okay now my questions are-: 1. The PassThruAuthenticationFilter does not handle any login. It just redirects based on the type of request. But the FormAuthenticationFilter actually can login the user. Am I right ? 2. When defining a form that uses the PassThruAuthenticationFilter the form must have a valid action field pointing to the user defined LoginController. While for the FormAuthenticationFilter no form action needs to be specified since the filter itself will take care of login. 3. I was looking at the src of the PassThruAuthenticationFilter. If the request is to the login page ie. is a login request then the filter returns true and lets the application code handle the process. But if its not then it redirects to the login page. Now this is fine in case of unauthenticated users. But what if the user is authenticated ? What then ? will the user still be redirected to the login page ? Because that's what the code implies.
