Hi Andy,

They know to perform a login attempt because of your configured login URL and they can react to requests sent to that URL.

The FormAuthenticationFilter for example determines that a request must be a form submission if the request path matches your configured login URL and it is a POST request. No form "action" attribute is required - the filter knows how to automatically inspect the request.

Here is the logic if you're curious:

https://svn.apache.org/repos/asf/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.java

the 'onAccessDenied' method implementation.

Cheers,

Les

On Tue, Jul 28, 2009 at 1:36 PM, Andy Tripp<[email protected]> wrote:
> Les,
>
> I've got things working with the PassThruAuthenticationFilter, but I
> don't understand how the flow of control works with
> FormAuthenticationFilter. With either PassThruAuthenticationFilter or
> FormAuthenticationFilter, we redirect the user to login.jsp, and we have
> to supply some ACTION. i.e. the webapp sample comes with a blank ACTION
> that needs to be filled in by me, right? In my case, I send a POST to my
> own servlet which calls login() and redirects. I see the
> FormAuthenticationFilter does the same thing in the
> AuthenticatingFilter.executeLogin() method, but I don't understand where
> that's called from. Is there some servlet that comes with Shiro that
> makes that call, or is there some other "magic" way that it gets called
> when the user presses Submit on login.jsp?
>
> Thanks for all the answers.
> Andy
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Les Hazlewood
> Sent: Tuesday, July 28, 2009 11:19 AM
> To: [email protected]
> Subject: Re: sending user to page after login
>
> Hi Andy,
>
> The existing FormAuthenticationFilter does indeed already perform this
> logic of redirect immediately after successful login in its
> onLoginSuccess method implementation.
>
> Cheers,
>
> Les
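
The decision described in the reply above, as a simplified model added here for illustration; it is not Shiro's source code or part of the original thread. The class, enum and method names are hypothetical, `/login.jsp` is an assumed login URL, and exact string comparison stands in for the filter's own path matching.

```java
import java.util.List;

public class LoginRequestDecision {

    // Possible outcomes for a request from a user who is not yet authenticated.
    enum Action { EXECUTE_LOGIN, SHOW_LOGIN_PAGE, REDIRECT_TO_LOGIN }

    // Assumed value for this example; a real application configures its own login URL.
    static final String LOGIN_URL = "/login.jsp";

    // Models the branch taken when access is denied (hypothetical helper, not a Shiro API).
    static Action decide(String method, String path) {
        // Simplification: exact match instead of the filter's path-pattern matching.
        boolean isLoginRequest = LOGIN_URL.equals(path);
        if (!isLoginRequest) {
            // Any other protected path: send the user to the login page.
            return Action.REDIRECT_TO_LOGIN;
        }
        // Only a POST to the login URL is treated as a form submission.
        // A form with no "action" attribute posts back to the URL that served it,
        // which is the login URL, so the filter sees the submission without a servlet.
        boolean isLoginSubmission = "POST".equalsIgnoreCase(method);
        return isLoginSubmission ? Action.EXECUTE_LOGIN : Action.SHOW_LOGIN_PAGE;
    }

    public static void main(String[] args) {
        // Constructed sample requests: {HTTP method, request path}.
        List<String[]> samples = List.of(
            new String[] {"GET",  "/account/home.jsp"},  // protected page, not logged in
            new String[] {"GET",  "/login.jsp"},         // browser loads the login form
            new String[] {"POST", "/login.jsp"},         // user presses Submit
            new String[] {"POST", "/account/update"}     // POST elsewhere is not a login
        );
        for (String[] s : samples) {
            System.out.printf("%-4s %-20s -> %s%n", s[0], s[1], decide(s[0], s[1]));
        }
    }
}
```

Because only a POST is treated as a submission, credentials placed in a GET query string to the login URL do not trigger a login attempt in this model; the request is handled as a page view.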
