You need to get the SavedRequest object after a successful login, which is created automatically when accessing a URL for which the Subject is not authenticated.
You can do this by calling WebUtils.getAndClearSavedRequest(request) and then use the SavedRequest object that is returned to construct the redirect. Look at the AuthenticationFilter source code - the 'issueSuccessRedirect' method here: https://svn.apache.org/repos/asf/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticationFilter.java You could replicate that logic in your controller do perform the redirect. In the meantime, I'll pose the question to the dev list to see if this should be a static method call since there is nothing in that code that requires use of a class attribute - then you could just make a single call in your code instead of replicating the above method code. Cheers, Les On Tue, Jul 28, 2009 at 9:58 AM, Andy Tripp<[email protected]> wrote: > Les, > OK, I'm using PassThruAuthenticationFilter now. But I still don't know > how to store the URL that the user is tring to get to so that I can send > him there after successful login. I have this in my ShiroFilter config: > /account/** = myauthc > ...and how that's being handled is a mystery to me. > > Andy > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Les Hazlewood > Sent: Monday, July 27, 2009 5:38 PM > To: [email protected] > Subject: Re: > > Hi Andy, > > Yep, you can do this, but you'll need to use the > PassThruAuthenticationFilter instead to 'pass thru' the request to > your login controller directly. The 'authc' filter defaults to an > instance of the > org.apache.shiro.web.filter.authc.FormAuthenticationFilter class and > is used only if you want Shiro to be the 'controller' for form > submissions. This works fine in many apps, but for more customized > processing, you'll definitely want to use the > PassThruAuthenticationFilter instead. > > You have two ways to do this. In your ShiroFilter's .ini config, you > can 1) reassign the 'authc' filter to be what you want: > > [filters] > ... > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > > or you can 2) just create a new filter and reference that everywhere > instead of 'authc': > > myAuthc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > > [urls] > /some/path = myAuthc > etc. > > I tend to prefer the first to avoid the confusion that there might be > more than one authentication filter, but it is entirely up to you. > > Cheers, > > Les > > On Mon, Jul 27, 2009 at 4:00 PM, Andy Tripp<[email protected]> > wrote: >> Hi, >> I have a question about filters. >> In the javadoc for the ShiroFilter class, it shows how to redirect all >> requests to urls under "/account" to the built-in "authc" filter. I've >> got that working in the "webapp" example, and I've changed the > login.jsp >> to invoke my servlet that does the authentication. >> >> But now, of couse, I want to pass the user on to the page he was > trying >> to get to (e.g. /account/index.jsp). Is there a way to do that? > Perhaps >> a way in the filter configuration text that says "redirect all >> /account/** requests to login.jsp, and set the hidden form field > called >> 'nextPage' to the specific URL that the user's trying to get to" or >> something like that? >> >> Thanks, >> Andy >> >
