If that is the case, you will want to redefine 'authc' to be the PassthroughAuthenticationFilter. This will allow the standard 'authc' behavior, but requires you to implement your own Form and Form controller (which you have already done):
[main] authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter authc.loginUrl = /path/to/login.jsp authc.successUrl = /path/after/successful/login That should do the trick. Cheers, Les On Mon, Jul 20, 2009 at 11:13 AM, Tcharlie<[email protected]> wrote: > > > > Les Hazlewood-2 wrote: >> >>>> How is does the user authenticate with your application? Do they fill >>>> in and submit a form or are you using Basic HTTP Authentication or >>>> some other method? >>>> >>>> >>> >>> I've got a jsp form to authenticate my users. the link is good because if >>> my >>> user is not authenticated, he is redirected on my login page >> >> You need to tell the authentication filter what your login url is so >> it knows where to redirect if a user is not authenticated: >> >> [main] >> authc.loginUrl = /some/path/to/login.jsp >> >> Cheers, >> >> Les >> >> > > It's already done and it works fine. > > I forgot to precise that I can't use the FormAuthenticationFilter (I don't > know wich filter you put as default)r, because my authentication token > encloses 3 params (username, password and mandator, wich represent the > authorisation context (toto may be the hsbc chairman (full application > access), but Citybank customer (restricted access)). > My realm supports this token but FormAuthenticationFilter throws a > listenerstart error if I use it. > > Unfortunately, the link I have to clic on is not hidden to the unauthorized > users resulting an access permitted by ki when I clic on, but a > " Etat HTTP 401 - > > type Rapport d'�tat > > message > > description La requ�te n�cessite une authentification HTTP (). > Apache Tomcat/6.0.18" > > Error. > I deduce that ki allowed me to pass (I wasn't redirected on login page) and > challenged my http Headers. Due to the fact that I don't have the > authentication header (I lost it when I clicked on the link), the server > doesn't allow me see my page... > -- > View this message in context: > http://n2.nabble.com/BasicHttpHeader-and-jsp-links-tp3288699p3289410.html > Sent from the Shiro User mailing list archive at Nabble.com. >
