Hi -- In my web application, I have the normal form-based login for users, which is working fine -- I'm using authc.
I also have requests from a mobile device that arrive in a particular directory, such as /api/getStatus.jsp and /api/getPosition.jsp. These requests might have parameters j_username and j_password. From a particular mobile device, I want authentication to occur using the j_ parameters the first time they are seen and then have it use the JSESSIONID cookie after that (ignoring any passed j_ parameters). Also, if access is denied, I wish to return a jsp page, AuthError.jsp. If authentication succeeds, I then wish to return to the /api/xxx.jsp routine to run. I have tried a few things, but would be very interested if you could steer me in the right direction! I think I need a second AutenticatingFilter but one problem I have is I don't know how the shiro configuration should look or exactly what it should do... Also, I don't want a form to be displayed but for the j_ parameters to be plucked from the passed in routine and processed. Thanks, Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/Seconday-authentication-without-a-form-tp6089493p6089493.html Sent from the Shiro User mailing list archive at Nabble.com.
