I see, that's good to clarify. I don't quite see how I would add a second authenticator. Would it be something like this?
mobileauthc = MobileAutenticatingFilter mobileauthc.errorUrl = /api/stateful/api/authError.jsp [urls] /index.jsp = anon /api/stateful/* = mobileauthc /pages/logon.jsp = authc /pages/** = authc In this new authenticator would you recommend I subclass from AuthenticatingFilter? When it is called, how do I know if I already have an authenticated client? Thanks! Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/Seconday-authentication-without-a-form-tp6089493p6089888.html Sent from the Shiro User mailing list archive at Nabble.com.
