shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sreyan Chakravarty <sreyan.mail...@gmail.com>
Subject Fwd: Need help understanding PassThruAuthenticationFilter
Date Thu, 10 Sep 2015 19:50:04 GMT
Okay I am new to Shiro and I am having trouble understanding the difference
between PassThruAuthenticationFilter and FormAuthenticationFilter

Okay now my questions are-:


   1. The PassThruAuthenticationFilter does not handle any login. It just
   redirects based on the type of request. But the
   FormAuthenticationFilter actually can login the user. Am I right ?
   2. When defining a form that uses the PassThruAuthenticationFilter the
   form must have a valid action field pointing to the user defined
   LoginController. While for the
   FormAuthenticationFilter no form action needs to be specified since the
   filter itself will take care of login.
   3. I was looking at the src of the
   PassThruAuthenticationFilter. If the request is to the login page ie. is
   a login request then the filter returns true and lets the application code
   handle the process. But if its not then it redirects to the login page. Now
   this is fine in case of unauthenticated users. But what if the user is
   authenticated ? What then ? will the user still be redirected to the login
   page ? Because that's what the code implies.

Mime
View raw message