Q1: How can I redirect to unauthenticated url(or any page/way to say user that credentials were incorrect) after credentials entered incorrectly.
Q2: What is the normal/default behaviour for shiro when credentials are incorrect? (does it send -back to login, -unauthorized page, -some message)
INFO: shiro integration with spring. I use my own credentials. And I have tried to throw IncorrectCredentialsException, WebApplicationException in doGetAuthenticationInfo method of MyRealm when username/password is wrong. No help. I debugged and it's using MyRealm when login form posted.(debug stopped in doGetAuthenticationInfo method of my Realm)
Here is part of my spring settings for shiro
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login.html"/>
<property name="successUrl" value="/rest/security/redirect"/>
<property name="unauthorizedUrl" value="/unauthorized.html"/>
<property name="filterChainDefinitions">
<value>
/login.html = authc
/logout = logout
/apps/admin/** = authc, roles[admin]
Note: settings for web.xml and others are configured. Authentication, authorization and any other redirects working as a charm except login redirect after wrong credentials.