Question posted in 
I tried to use authentication with Apache Shiro on my project, but without succes. I can’t discover where is the trouble. I need only that whoever user access the page /pages/principal/products.xhtml directly, choose the product to buy and then be redirect to /purchase.xhtml to finish the purchase, but in my case all requests that I try are redirect to /login.xhtml page. Does anyone have any suggestions? code below. thanks!
shiro.ini
[main]
authc.loginUrl = /login.xhtml
authc.successUrl = /index.xhtml
[users]
[email protected] = adminfaces, admin
[email protected] = user, customer
[roles]
admin = *
customer = purchases
[urls]
/index.xhtml = anon
/pages/principal/products = anon
/login.xhtml = authc
/javax.faces.resource/** = anon
/logout = logout
/pages/purchase/** = authc
/protected/** = authc, roles[admin]
web.xml
...
<listener>
<listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
...
2
Answers
I was able to solve my trouble. I'm using now redhat PicketLink solution. It's uses a fluent java language to configure paths to secure and it has a lower learnig curve. I'm considering Apache Shiro a great API for security, but I have a little time to learn it. thanks for your helps @Brian Demers.
My guess is you need to change the line:
/pages/principal/products = anonto/pages/principal/products.xhtml = anonYou might also be able to use permissive filter too