Hi, yes, the Web filter would be the appropriate solution. Make sure your filter ordering is correct, as your filter needs to go after the Shiro filter. See https://shiro.apache.org/jakarta-ee.html <https://shiro.apache.org/jakarta-ee.html> ordering section for more details.
> On May 9, 2024, at 8:40 AM, Roberto Bottoni <[email protected]> wrote: > > I have a Maven project running with Tomcat 10.1.20 and JDK 21. > > Apache Shiro works well, but now I want to integrate an OTP (One Time > Password) validation during the login phase (after the user has entered > username and password) > > I googled and found these (very old) articles: > > https://stackoverflow.com/questions/24666841/apache-shiro-and-multi-factor-authentication > https://stackoverflow.com/questions/40783197/two-factor-authentication-using-shiro > > so should I use a webfilter or does Shiro have a built-in feature for this? > > Roberto. >
