Details
-
Improvement
-
Status: Open
-
Trivial
-
Resolution: Unresolved
-
1.2.1
-
None
-
None
Description
I just started learning Shiro and I struggled a bit to integrate a simple form based login into my web application. My mistake was to exclude the loginUrl from the urls covered by the FormAuthenticationFilter. I assumed the login form had to be accessible to anonymous users, so my configuration looked like this:
[main] authc.loginUrl = /account/login.jsp [urls] /account/login.jsp = anon /account/register.jsp = anon /account/reset.jsp = anon /account/** = authc
But this doesn't work because login.jsp must be processed by authc.
I would suggest mentioning this detail in the reference manual, that wasn't obvious at first glance (but maybe I didn't read carefully enough).