IDE: Netbeans
When I start my app it displays the login.jsp page but the URL is /. All logins fail on / but will work if I type in login.jsp in the address bar.
Could anyone explain why this is so? Can I force the system to always display the login.jsp?
shiro.ini
[main]
authc.loginUrl = /login.jsp
user.loginUrl = /login.jsp
authc.usernameParam = username
authc.passwordParam = password
authc.rememberMeParam = rememberme
authc.successUrl = /index.jsp
logout.redirectUrl = /login.jsp
jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.authenticationQuery = SELECT password from user where username = ?
jdbcRealm.userRolesQuery = select role from userroles where userID = (select id FROM user WHERE username = ?)
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.serverName = localhost
ds.user = responseablees
ds.password = responseablees
ds.databaseName = evaluationdb
jdbcRealm.dataSource= $ds
passwordMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
credentialsMatcher = org.apache.shiro.authc.credential.HashedCredentialsMatcher
credentialsMatcher.hashAlgorithmName = SHA-256
credentialsMatcher.storedCredentialsHexEncoded = true
credentialsMatcher.hashIterations = 5000
[users]
guest = guest,admin
[roles]
;admin = *
[urls]
/login.jsp = authc
/index.jsp = authc
/questionSetup1.jsp = user
/logout = logout
If you want to secure your application as a whole, this should work for you:
[urls]
/questionSetup1.jsp = user
/logout = logout
/** = authc
The statement /** = authc covers all resources provided by your application. The mistake in your configuration is protecting your resources explicitly. Only login and index have been covered by your authc filter implementation, leaving other resources exposed.
Keep in mind, "Order Matters!". URL path expressions are evaluated against an incoming request in the order they are defined. The first match wins. Means: Define exceptions (/rest/cars) before generalisations (/rest/**).
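The first-match-wins rule described above, as an added example that is not part of the original answer: a simplified Python model of Ant-style path matching (not Shiro's own code) that resolves request paths against the question's [urls] section, the answer's, and a misordered variant. The path /report.jsp and the MISORDERED list are constructed for illustration, and trailing-slash handling is ignored.

```python
import re

def _segment_matches(pattern, segment):
    # Within one path segment: '*' matches any run of characters, '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, segment) is not None

def ant_match(pattern, path):
    """Simplified Ant-style match: '**' spans zero or more whole segments."""
    def walk(pats, segs):
        if not pats:
            return not segs
        if pats[0] == "**":
            return any(walk(pats[1:], segs[i:]) for i in range(len(segs) + 1))
        return (bool(segs) and _segment_matches(pats[0], segs[0])
                and walk(pats[1:], segs[1:]))
    return walk([p for p in pattern.split("/") if p],
                [s for s in path.split("/") if s])

def resolve(rules, path):
    """Return the filter of the first rule that matches, or None (no filter)."""
    for pattern, filter_name in rules:
        if ant_match(pattern, path):
            return filter_name
    return None

# [urls] section from the question: only explicitly listed paths are covered.
ORIGINAL = [("/login.jsp", "authc"), ("/index.jsp", "authc"),
            ("/questionSetup1.jsp", "user"), ("/logout", "logout")]
# [urls] section from the answer: exceptions first, catch-all last.
ANSWER = [("/questionSetup1.jsp", "user"), ("/logout", "logout"),
          ("/**", "authc")]
# Constructed counter-example: the catch-all first shadows every later rule.
MISORDERED = [("/**", "authc"), ("/questionSetup1.jsp", "user"),
              ("/logout", "logout")]

if __name__ == "__main__":
    paths = ["/", "/login.jsp", "/questionSetup1.jsp", "/logout", "/report.jsp"]
    for name, rules in [("original", ORIGINAL), ("answer", ANSWER),
                        ("misordered", MISORDERED)]:
        for path in paths:
            print(f"{name:10} {path:22} -> {resolve(rules, path)}")
```

A result of None means no filter is applied to that path, which is the case for / and any unlisted resource under the question's configuration.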