I just wrote out a response with my configuration - but it's so simple I don't think it would help you and I think I see your problem. Remember that the filters defined in filterChainDefinitionMap are essentially servlet filters - they wrap an http request and operate on it before it hits your servlet (or jsp). The authc filter does the actual username/password check (in addition to redirecting you if you're not logged in) when you submit login.jsp. However, in your configuration authc never gets a change to handle the request when login.jsp is submitted.
Try adding <entry key="/login.jsp" value="authc" /> to your filterChainDefinitionMap. -Jared On 12/29/10 5:19 PM, "jhericks" <[email protected]> wrote: > > Jared, > > Thanks for this, but now I guess my question is what does your configuration > look like because I am doing very similar calls (I did it adding the session > information and I also looked at the Fiddler log from my browser to see the > session id showing up properly in the cookie header). I'm getting similar > responses until the last one. That just gives me a 200 OK with the > login.jsp content again. > > I've modified my configuration a bit to try and figure out what I'm doing > wrong, so here is my current spring configuration: > <bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <property name="loginUrl" value="/login.jsp" /> > <property name="successUrl" value="/Reports.jsp" /> > <property name="securityManager" ref="securityManager" /> > <property name="filterChainDefinitionMap"> > <map> > <entry key="/Reports.jsp" value="authc" /> > <entry key="/ws/**" value="authcBasic" /> > </map> > </property> > </bean> > > > Jared Bunting wrote: >> >> After doing some quick testing, this is what I've found: >> >> The FormAuthenticationFilter only attempts to perform a login if the >> parameters are passed to your login page. This login result is saved in >> your session and you are redirected to your originally requested page >> (Reports.jsp). However, you need your session id to retain your "logged >> in" >> state. >> >>
