Jared,
Thanks for this, but now I guess my question is what does your configuration
look like because I am doing very similar calls (I did it adding the session
information and I also looked at the Fiddler log from my browser to see the
session id showing up properly in the cookie header). I'm getting similar
responses until the last one. That just gives me a 200 OK with the
login.jsp content again.
I've modified my configuration a bit to try and figure out what I'm doing
wrong, so here is my current spring configuration:
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="loginUrl" value="/login.jsp" />
<property name="successUrl" value="/Reports.jsp" />
<property name="securityManager" ref="securityManager" />
<property name="filterChainDefinitionMap">
<map>
<entry key="/Reports.jsp" value="authc" />
<entry key="/ws/**" value="authcBasic" />
</map>
</property>
</bean>
Jared Bunting wrote:
>
> After doing some quick testing, this is what I've found:
>
> The FormAuthenticationFilter only attempts to perform a login if the
> parameters are passed to your login page. This login result is saved in
> your session and you are redirected to your originally requested page
> (Reports.jsp). However, you need your session id to retain your "logged
> in"
> state.
>
>
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/FormAuthenticationFilter-basics-question-tp5854588p5875818.html
Sent from the Shiro User mailing list archive at Nabble.com.
