Hello ISIS Team, we have developed a complex ISIS application using the Wicket Viewer, Shiro and the ISIS Security Module. The Wicket UI will be used for configuration and administration. Which now works really well and was a lot of fun!
For the normal user we are developing a Javascript frontend to display user group specific dashboards with complex charts (D3/Snap.svg/JQuery/…) using some data from ISIS Restful Object Viewer. The frontend user are registered with specific roles in ISIS Security Module. We have configured shiro to protect the javascript under the path /app/** in the following way: [main] .... shiro.loginUrl = /wicket/signin .... [urls] /app/** = authc Now when a user will access /app/index.html for the first time, he will be redirected to the /wicket/signin page. After the successful login he should be redirected to /app/index.html, which is not happening. The standard Shrio login page is redirecting to the original requested url/path after successful login. See [1]: "Based on this line of config, the authc filter is now smart enough to know that if the current Subject is not authenticated when accessing /account, it will automatically redirect the Subject to the /login.jsp page. After successful login, it will then automatically redirect the user back to the page they were trying to access (/account). Convenient!" How can we achieve this with ISIS or are there better ways of doing a mixed login process? Thanks in advance and regards, A. Richter [1] https://shiro.apache.org/webapp-tutorial.html (Step 5b)
