gistfile1.txt

[main]
# set authentication filter to pass thru (redirect to login page and let auth be handled there)
;authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

# set login url
user.loginUrl = /login.xhtml
authc.loginUrl = /login.xhtml
;logout.redirectUrl = /login.xhtml

# redirect url called after successful login
authc.successUrl = /index.xhtml

authc.usernameParam = username
authc.passwordParam = password

# see rememberMe and JSESSIONID cookie
authc.rememberMeParam = rememberMe

authc.failureKeyAttribute = shiroLoginFailure

# Preconfigured password matcher that uses SHA-256 with 500000 hash iterations and a Salt
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
iniRealm.credentialsMatcher = $passwordMatcher

[users]
admin = $shiro1$SHA-256$500000$GCgWy0vaMQDhVbFGT6jBEw==$GXGb/BduuS8goR2zoxOEeeIhzpKbTBo6Z/Fp0iZYtgs=, root,
user = $shiro1$SHA-256$500000$GCgWy0vaMQDhVbFGT6jBEw==$GXGb/BduuS8goR2zoxOEeeIhzpKbTBo6Z/Fp0iZYtgs=, Users
;admin = test123


[urls]
# filter setup for secured pages
/javax.faces.resource/** = anon
/login.xhtml = authc

# when /shirotest/logout is invoked default redirect url / is used see LogoutFIlter.java
/logout = logout

#user filter is needed for rememberme to work
#to visit any page you must be authenticated (identity check during session). This should be used for sensitive parts of the application
;/** = authc
# to visit any page you must be known as a user (through remember me i.e.). If not you have to login
/** = user
;/shiroTesting/** = authc
;/shiroTesting/** = user

# make page only available for role
;/admin/** = authc, roles[administrator]