Apache Shiro anon filter not working

Question

I have a project where I am trying to use Apache Shiro to implement a security layer. For the most part it seems to be working rather nicely. I have been using the "authc" filter up to this point and that has been working as expected. However, I'd like to move the login.jsp to a different public folder that doesn't have any stringent security requirements.

Below is the relevant shiro.ini file entries.

shiro.loginUrl = /public/pages/login.jsp

jdbcRealm = ...
:
:

ds = ...
:
:
jdbcRealm.dataSource = $ds

[users]
[roles]
[urls]
/public/**  = anon
/secure/**  = authc
/logout     = logout

When the /public/** = authc or anon, I can try to go directly to a page under the /secure URL and will correctly be taken to the login.jsp page. Check. Check.

After filling in the Username and Password on the login.jsp page and submitting the form, things break down...

If /public/** = authc , then I'm taken to the original page I was attempting to get to in the /secure url. So that works.

If /public/** = anon , then the login.jsp will be reloaded. I'm not sent to the page in the /secure directory I was originally attempting to get to. The same thing occurs if I don't put an entry for the /public/** URL pattern.

There seems to be some Shiro fundamental that I am missing. If you need to see anything else in the project, I have uploaded it to BitBucket here.

https://tfeinstein@bitbucket.org/tfeinstein/vikos.git

Thanks, Todd

Answer 1

Can you try to add

authc.successUrl  = "default sucess url for logged in"

at [main] block

/public/pages/login.jsp = authc 

as first line of your [urls] block