Shiro redirecting back to login page after wrong/false credentials(username/password)

285 views Asked by At

Q1: How can I redirect to unauthenticated url(or any page/way to say user that credentials were incorrect) after credentials entered incorrectly.

Q2: What is the normal/default behaviour for shiro when credentials are incorrect? (does it send -back to login, -unauthorized page, -some message)

INFO: shiro integration with spring. I use my own credentials. And I have tried to throw IncorrectCredentialsException, WebApplicationException in doGetAuthenticationInfo method of MyRealm when username/password is wrong. No help. I debugged and it's using MyRealm when login form posted.(debug stopped in doGetAuthenticationInfo method of my Realm)

Here is part of my spring settings for shiro

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="loginUrl" value="/login.html"/>
    <property name="successUrl" value="/rest/security/redirect"/>
    <property name="unauthorizedUrl" value="/unauthorized.html"/>

    <property name="filterChainDefinitions">
        <value>
            /login.html = authc
            /logout = logout
            /apps/admin/** = authc, roles[admin]

Note: settings for web.xml and others are configured. Authentication, authorization and any other redirects working as a charm except login redirect after wrong credentials.

0

There are 0 answers