Hello,

Thanks for the replies. For some reason I did not receive any mail from the list, but I can see the answers in the web-based archive. I guess this is due to my (very) recent subscription.

Here is my web.xml:

    <filter>
        <filter-name>ShiroFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>ShiroFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

shiro.ini:

    [main]
    securityManager.sessionMode = native
    authc.loginUrl = login.html

    [users]
    julien = password, role1, role2

    [urls]
    /login.html = anon
    /* = authc

Here is my login.html form:

    <form action="" id="loginForm" method="post">
        Username: <input type="text" name="username"/> <br/>
        Password: <input type="password" name="password"/><br/>
        <input type="checkbox" name="rememberMe" value="false"/>Remember Me? <br/>
        <input type="submit" name="submit" value="Login" />
    </form>

This is only an early test; in the future I plan to move login.html to GWT code and to manage RPC. For now, I'd like to get this working the following way:

1) User queries the application URL
2) User gets redirected to the login page and provides credentials
3) User is logged in and gets redirected back to the application.

For now, I get stuck on the login page. Not sure why this does not work. At some point, I thought this might be due to the embedded jetty server, but I get the same result once deployed on tomcat.

--
Best Regards,
Julien

2011/10/31 Julien Muller <[email protected]>
>
> Hello,
> I am evaluating security solutions for a GWT application.
> I like the shiro approach since it seems simple and easy to plug to ldap, but I am afraid I did not really find working examples or tutorials about this context.
> I acknowledge you cannot use shiro classes from client side (javascript), but do not think this should be a problem.
> My understanding about what I should do (simple version with local users defined in shiro.ini):
> - Add IniShiroFilter to my web.xml
> - Add shiro.ini with authc.loginUrl = login.html, users and urls.
> - Add a login.html page
> - I will handle rpc security afterwards, passing credentials in my payload and performing server side validation for each call.
> Up to now, I can tell my shiro.ini is taken into account, the application can forward to login.html, but then nothing else is done.
> I have seen in this tutorial: http://www.brucephillips.name/blog/print.cfm?id=7766522C-3048-7B4D-A96E8EA958A8E540
> that a custom servlet is implemented for login. It seems to me it should be handled automatically by shiro (or not?).
> Furthermore, the shiro documentation lets me believe that after login, the user will be automatically redirected to his original request page, which is definitely not the case during my tests.
> Any help or guidance would be appreciated.
> --
>
> Best Regards,
> Julien
>
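
As an added example (not part of the original post, and not the poster's or the Shiro project's own file), here is the posted shiro.ini next to a variant in which the login page itself passes through the authc filter. It relies on Shiro's form authentication filter only processing a login POST when the request reaches it and matches authc.loginUrl; the leading slash and the /** pattern are assumptions about what this application needs.

```ini
# Constructed variant of the shiro.ini from the post (example only).

[main]
securityManager.sessionMode = native
# Posted:  authc.loginUrl = login.html
# The filter compares this value against the request path, which starts
# with "/", so the login URL is written as a context-relative path.
authc.loginUrl = /login.html

[users]
julien = password, role1, role2

[urls]
# Chains are evaluated top to bottom and the first matching pattern wins.

# Posted:  /login.html = anon
# With anon, the form POST to /login.html never reaches authc, so the
# username/password parameters are ignored and the page is served again.
# With authc, a GET of the login page is still allowed for anonymous
# users, and a POST to it is treated as a login attempt.
/login.html = authc

# Posted:  /* = authc
# "*" matches a single path segment; "/**" also covers nested paths such
# as a GWT module directory (assumption: content is served below "/").
/** = authc
```

After a successful login the filter redirects to the request it saved before sending the user to the login page, or to authc.successUrl when no request was saved.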
