Damn, I only now find out that I have replies to my question. Kalle, I have an app that sometimes (depending on some conf init parameter) should use the typical login "inapp" sequence (tapestry login page and out of the box tapestry-shiro integration) but at other times the authentication should be handled by apache that proxies jee container and auth info is passed as XX header.
So in one case I don't need any conf file at all and in the second i need a shiro.ini file to overrride default authc filter and also to mark number of URLs to be accessible by anonymous users: [main] authc=com.programeter.web.filters.RemoteUserAuhtenticationFilter [urls] /assets/**=anon /register*=anon /register/**=anon /unauthorized*=anon /unauthorized/**=anon /changepassword*=anon /changepassword/**=anon /remindpassword*=anon /remindpassword/**=anon /**=authc Kalle, thanks for raising this in Jira -> will vote and follow it! -- View this message in context: http://tapestry-users.832.n2.nabble.com/T5-1-and-Tynamo-Security-override-a-Shiro-Filter-tp5769989p6191642.html Sent from the Tapestry Users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org