Posted to user@shiro.apache.org by vmadhipatla <vm...@yahoo.com> on 2013/04/17 15:41:32 UTC

shiro Redirection

Hi,

After authentication is done with /shiro-cas, it redirects to the web app
root context.

We are having an issue with this when making an Ajax XMLHttpRequest from
JavaScript in the browser.
This is because of CORS issues (cross-origin resource sharing). Since the
browser is in a different domain than the server, the browser stops at the 302
and doesn't go to the redirected root context.
We usually work around this by adding the Access-Control-Allow-Origin and
Access-Control-Expose-Header flags to the response headers. I tried to do the
same thing by adding these in a servlet filter after shirofilter. But it
fails only for the 302. I guess custom headers added for a 302 don't work,
or I'm missing something.
Does anyone have any idea?

Thanks
Venkat




--
View this message in context: http://shiro-user.582556.n2.nabble.com/shiro-Redirection-tp7578608.html
Sent from the Shiro User mailing list archive at Nabble.com.
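
One thing to check for the setup described above, as an added example that is not part of the original thread: a servlet filter mapped after the Shiro filter never runs when Shiro answers a request with the redirect itself, because the chain is not continued, so headers it sets never reach the 302. The sketch below assumes the javax.servlet API; the class name CorsHeaderFilter and the origin https://app.example.com are hypothetical placeholders, and the filter-mapping is assumed to be declared before the ShiroFilter mapping in web.xml.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not Shiro code). Declare its <filter-mapping> BEFORE the
// ShiroFilter mapping so it runs first on every request, including /shiro-cas.
public class CorsHeaderFilter implements Filter {

    // Placeholder allowlist: only these origins may read responses cross-origin.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<String>(Arrays.asList("https://app.example.com"));

    public void init(FilterConfig config) {
        // No configuration needed for this sketch.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set the headers BEFORE continuing the chain. If a later filter ends
        // the request with sendRedirect(), the headers are already on the
        // response and are sent with the 302.
        String origin = request.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // Echo only allowlisted origins instead of using a wildcard.
            response.setHeader("Access-Control-Allow-Origin", origin);
            // Caches must key on Origin because the header value varies.
            response.addHeader("Vary", "Origin");
        }

        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```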

Re: shiro Redirection

Posted by vmadhipatla <vm...@yahoo.com>.
Yes. But for a browser which is in a different domain, when it gets the 302
redirect, it doesn't have the header flags for CORS. That's why it blocks
the redirection. My web app resources all have the header added through
a servlet filter. But this fails only for the redirection from /shiro-cas
to the web app root context.
We fixed CAS too to have these flags. That's why the Ajax code is able to get
the service ticket etc. from CAS successfully.




Re: shiro Redirection

Posted by jleleu <le...@gmail.com>.
In this case, it's pretty strange because your root context must be on the
same host as the /shiro-cas, isn't it?




Re: shiro Redirection

Posted by vmadhipatla <vm...@yahoo.com>.
We get CAS tickets programmatically. This redirection is not from our webapp
to CAS.
It's from /shiro-cas to our web root context in the same web app. 

JavaScript gets the service ticket from CAS and makes the
/shiro-cas?ticket=ST request.
Once this is validated it's redirected from /shiro-cas to our web app root
context. That's where the browser stops at 302 and doesn't go to our web app
root context.

Thanks
Venkat




Re: shiro Redirection

Posted by jleleu <le...@gmail.com>.
Hi,

I'm not sure I understand clearly: which 302 fails (to CAS server or from
CAS server)? Because I think both can have CORS issues...
Best regards,
Jérôme



