shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tcharlie <>
Subject Re: BasicHttpHeader and jsp links
Date Mon, 20 Jul 2009 15:13:18 GMT

Les Hazlewood-2 wrote:
>>> How is does the user authenticate with your application?  Do they fill
>>> in and submit a form or are you using Basic HTTP Authentication or
>>> some other method?
>> I've got a jsp form to authenticate my users. the link is good because if
>> my
>> user is not authenticated, he is redirected on my login page
> You need to tell the authentication filter what your login url is so
> it knows where to redirect if a user is not authenticated:
> [main]
> authc.loginUrl = /some/path/to/login.jsp
> Cheers,
> Les

It's already done and it works fine.

I forgot to precise that I can't use the  FormAuthenticationFilter (I don't
know wich filter you put as default)r, because my authentication token
encloses 3 params (username, password and mandator, wich represent the
authorisation context (toto may be the hsbc chairman (full application
access), but Citybank customer (restricted access)).
My realm supports this token but FormAuthenticationFilter throws a
listenerstart error if I use it.

Unfortunately, the link I have to clic on is not hidden to the unauthorized
users resulting an access permitted by ki when I clic on, but a 
" Etat HTTP 401 -

type Rapport d'�tat


description La requ�te n�cessite une authentification HTTP ().
Apache Tomcat/6.0.18" 

I deduce that ki allowed me to pass (I wasn't redirected on login page) and
challenged my http Headers. Due to the fact that I don't have the
authentication header (I lost it when I clicked on the link), the server
doesn't allow me see my page... 
View this message in context:
Sent from the Shiro User mailing list archive at

View raw message