You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Sreyan Chakravarty <sr...@gmail.com> on 2015/09/09 15:41:15 UTC
Why doesn't the following work ?
I have configured my urls in the following fashion-:
[main]
authc.loginUrl = /login.jsp
authc.successUrl = /home.jsp
[urls]
/login.jsp = anon
/home.jsp = authc
/logout = logout
/account/** = authc
When I log in I remain on the log in page. Why is that ? I have declared
the success url so why am I still remaining on the login page ?
If I replace anon with authc for login.jsp and keep anon and authc for
/home.jsp, it woks fine.
Why is that ? My understanding is that the login.jsp must be visible to
only anonymous users and the /home.jsp must only be visible to
authenticated users.
So why use authc filter in login.jsp and anon filter in home.jsp.
This works fine-:
/login.jsp = authc
/home.jsp = anon, authc
/logout = logout
/account/** = authc
I just dont understand the logic.
The example was taken from -:
https://github.com/pires/simple-shiro-web-app
Re: Why doesn't the following work ?
Posted by Sreyan Chakravarty <sr...@gmail.com>.
Thanks for clarifying that.
On Wed, Sep 9, 2015 at 11:44 PM, Les Hazlewood <lh...@apache.org>
wrote:
> That line is invalid. There is no reason to configure anon and then authc
>
> --
> Les
>
> On Wed, Sep 9, 2015 at 10:25 AM, Sreyan Chakravarty <
> sreyan.mailing@gmail.com> wrote:
>
>> Okay then tell me what is the point of -:
>>
>> /home.jsp = anon, authc
>>
>> Why is home.jsp mapped to the anon filter ?
>> Shouldn't it just be mapped to the authc filter ? I mean whats the point of
>> mapping it to 2 filters. One which is not required. home.jsp is a protected
>> resource so why would anyone even map it to anonymous access.
>>
>> This is done in the follwing example-:
>>
>> https://github.com/pires/simple-shiro-web-app/blob/master/src/main/webapp/WEB-INF/shiro.ini
>>
>>
>> On Wed, Sep 9, 2015 at 8:01 PM, scSynergy <ro...@scsynergy.de>
>> wrote:
>>
>>> authc.successUrl means after the authc filter has successfully validated
>>> the
>>> user redirect her to /home.jsp
>>> /login.jsp = anon means do not apply any filter to /login.jsp, not even
>>> authc, which means authc is never called and therefore never notices a
>>> successful login attempt and therefore does not know it should redirect
>>>
>>> [main]
>>> authc.loginUrl = /login.jsp
>>> authc.successUrl = /home.jsp
>>>
>>> [urls]
>>> /login.jsp = *authc*
>>>
>>> The above code on the other hand means
>>> 1. the authc filter should treat /login.jsp as a login page - anonymous
>>> access allowed
>>> 2. if a successful login attempt is made, redirect the user to /home.jsp
>>> 3. if someone navigates to /login.jsp activate the authc filter for the
>>> request and do whatever is configured for the authc filter (loginUrl and
>>> successUrl)
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://shiro-user.582556.n2.nabble.com/Why-doesn-t-the-following-work-tp7580703p7580706.html
>>> Sent from the Shiro User mailing list archive at Nabble.com.
>>>
>>
>>
>
Re: Why doesn't the following work ?
Posted by Les Hazlewood <lh...@apache.org>.
That line is invalid. There is no reason to configure anon and then authc
--
Les
On Wed, Sep 9, 2015 at 10:25 AM, Sreyan Chakravarty <
sreyan.mailing@gmail.com> wrote:
> Okay then tell me what is the point of -:
>
> /home.jsp = anon, authc
>
> Why is home.jsp mapped to the anon filter ?
> Shouldn't it just be mapped to the authc filter ? I mean whats the point of
> mapping it to 2 filters. One which is not required. home.jsp is a protected
> resource so why would anyone even map it to anonymous access.
>
> This is done in the follwing example-:
>
> https://github.com/pires/simple-shiro-web-app/blob/master/src/main/webapp/WEB-INF/shiro.ini
>
>
> On Wed, Sep 9, 2015 at 8:01 PM, scSynergy <ro...@scsynergy.de>
> wrote:
>
>> authc.successUrl means after the authc filter has successfully validated
>> the
>> user redirect her to /home.jsp
>> /login.jsp = anon means do not apply any filter to /login.jsp, not even
>> authc, which means authc is never called and therefore never notices a
>> successful login attempt and therefore does not know it should redirect
>>
>> [main]
>> authc.loginUrl = /login.jsp
>> authc.successUrl = /home.jsp
>>
>> [urls]
>> /login.jsp = *authc*
>>
>> The above code on the other hand means
>> 1. the authc filter should treat /login.jsp as a login page - anonymous
>> access allowed
>> 2. if a successful login attempt is made, redirect the user to /home.jsp
>> 3. if someone navigates to /login.jsp activate the authc filter for the
>> request and do whatever is configured for the authc filter (loginUrl and
>> successUrl)
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Why-doesn-t-the-following-work-tp7580703p7580706.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
>
Re: Why doesn't the following work ?
Posted by Sreyan Chakravarty <sr...@gmail.com>.
Okay then tell me what is the point of -:
/home.jsp = anon, authc
Why is home.jsp mapped to the anon filter ?
Shouldn't it just be mapped to the authc filter ? I mean whats the point of
mapping it to 2 filters. One which is not required. home.jsp is a protected
resource so why would anyone even map it to anonymous access.
This is done in the follwing example-:
https://github.com/pires/simple-shiro-web-app/blob/master/src/main/webapp/WEB-INF/shiro.ini
On Wed, Sep 9, 2015 at 8:01 PM, scSynergy <ro...@scsynergy.de>
wrote:
> authc.successUrl means after the authc filter has successfully validated
> the
> user redirect her to /home.jsp
> /login.jsp = anon means do not apply any filter to /login.jsp, not even
> authc, which means authc is never called and therefore never notices a
> successful login attempt and therefore does not know it should redirect
>
> [main]
> authc.loginUrl = /login.jsp
> authc.successUrl = /home.jsp
>
> [urls]
> /login.jsp = *authc*
>
> The above code on the other hand means
> 1. the authc filter should treat /login.jsp as a login page - anonymous
> access allowed
> 2. if a successful login attempt is made, redirect the user to /home.jsp
> 3. if someone navigates to /login.jsp activate the authc filter for the
> request and do whatever is configured for the authc filter (loginUrl and
> successUrl)
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Why-doesn-t-the-following-work-tp7580703p7580706.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Why doesn't the following work ?
Posted by scSynergy <ro...@scsynergy.de>.
authc.successUrl means after the authc filter has successfully validated the
user redirect her to /home.jsp
/login.jsp = anon means do not apply any filter to /login.jsp, not even
authc, which means authc is never called and therefore never notices a
successful login attempt and therefore does not know it should redirect
[main]
authc.loginUrl = /login.jsp
authc.successUrl = /home.jsp
[urls]
/login.jsp = *authc*
The above code on the other hand means
1. the authc filter should treat /login.jsp as a login page - anonymous
access allowed
2. if a successful login attempt is made, redirect the user to /home.jsp
3. if someone navigates to /login.jsp activate the authc filter for the
request and do whatever is configured for the authc filter (loginUrl and
successUrl)
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Why-doesn-t-the-following-work-tp7580703p7580706.html
Sent from the Shiro User mailing list archive at Nabble.com.