http://shiro.apache.org/webapp-tutorial.html
Step 3b: Add a login page Since Step 3a enabled login and logout support, now we need to ensure there is actually a /login.jsp page to display a login form. The step3 branch contains a new src/main/webapp/login.jsp page. This is a simple enough bootstrap-themed HTML login page, but there are four important things in it: The form’s action value is the empty string. When a form does not have an action value, the browser will submit the form request to the same URL. This is fine, as we will tell Shiro what that URL is shortly so Shiro can automatically process any login submissions. The /login.jsp = authc line in shiro.ini is what tells the authc filter to process the submission. There is a username form field. The Shiro authc filter will automatically look for a username request parameter during login submission and use that as the value during login (many Realms allow this to be an email or a username). There is a password form field. The Shiro authc filter will automatically look for a password request parameter during login submission. There is a rememberMe checkbox whose ‘checked’ state can be a ‘truthy’ value (true, t, 1, enabled, y, yes, or on). Our login.jsp form just uses the default username, password, and rememberMe form field names. They naems are configurable if you wish to change them - see the FormAuthenticationFilter JavaDoc for information.