In trying to implement x509 authentication I have added the following lines to shiro.ini:

    [main]
    authc.loginUrl = /X509Login
    ssl.port = 7002
    cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
    securityManager.cacheManager = $cacheManager

    [users]
    root = secret, admin
    guest = guest, guest
    presidentskroob = 12345, president
    darkhelmet = ludicrousspeed, darklord, schwartz
    lonestarr = vespa, goodguy, schwartz
    PageRobert = password, goodguy, vipre

    [roles]
    admin = *
    schwartz = lightsaber:*, ship:NCC-1701-D:command
    goodguy = winnebago:drive:eagle5, user:lonestarr:edit
    vipre = scheduler

    [urls]
    /X509Login = ssl
    /logout = logout
    /TestApp1 = ssl, authc, roles[vipre]
    /TestApp2 = ssl, authc, roles[schwartz]

In the [users] section I added an entry with a username corresponding to the CN from the DN from the X509 certificate and a fixed password of ‘password’.

X509Login is a servlet that gets the x509 certificate from the request header. I extract the CN portion from the DN of the certificate and use that to create a UsernamePasswordToken that I call webSubject.login(usernamePasswordToken). This all works fine.

The problem I have is how do I forward/redirect to the original request URL? Shiro intercepts the original request and forwards to my X509Login servlet which, if the user is successfully authenticated, needs to take the user to his original request page.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/x509-authentication-tp7580976p7580988.html
Sent from the Shiro User mailing list archive at Nabble.com.
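
Added example, not part of the original post and not Shiro project code: a sketch of the login servlet described above that returns the user to the originally requested URL with Shiro's `WebUtils.redirectToSavedRequest`. Assumptions: the class name, the fallback URL, the `javax.servlet` API, and that the container performs TLS client authentication and exposes the verified chain as a request attribute rather than a header.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.util.WebUtils;

public class X509LoginServlet extends HttpServlet {   // hypothetical class name
    // Assumption: target when no request was saved (user hit /X509Login directly).
    private static final String FALLBACK_URL = "/";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Assumption: chain verified by the container's TLS client auth; a value taken
        // from a plain request header is only as trustworthy as whoever can set it.
        X509Certificate[] chain =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        String cn = (chain == null || chain.length == 0) ? null : commonName(chain[0]);
        if (cn == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Client certificate required");
            return;
        }
        try {
            // Same scheme as the post: CN as username plus the fixed [users] password.
            SecurityUtils.getSubject().login(new UsernamePasswordToken(cn, "password"));
        } catch (AuthenticationException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Certificate subject not authorized");
            return;
        }
        // Shiro stored the intercepted request in the session before sending the user
        // to authc.loginUrl; redirect there and clear it, or use the fallback if absent.
        WebUtils.redirectToSavedRequest(req, resp, FALLBACK_URL);
    }

    // Parse the subject DN as RFC 2253 rather than splitting on commas, so escaped
    // commas or "CN=" inside another attribute value cannot change the username.
    static String commonName(X509Certificate cert) {
        try {
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
            }
        } catch (InvalidNameException e) { /* malformed DN: treat as no usable CN */ }
        return null;
    }
}
```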
