Posted to user@shiro.apache.org by manitas <ma...@gmail.com> on 2012/06/08 02:15:03 UTC
change shiro behavior on access denied
Hi !
My project has one entrance URL /xxx for several RPC commands, so
authentication is not on a per-URL basis.
It means that:
- I do not call the method "addFilterChain" in my configureShiroWeb() for /xxx
- security is on a per-method basis thanks to annotations
I'd like to be able to change the behavior of shiro and send a "HTTP Error
401" if the access is denied for one particular method.
I think there are 2 ways to do that:
- catch authorization or authorization exception to manage them
- change the behavior of the default filterchain by overriding the
corresponding method
Unfortunately I'm stuck for both:
For the first one, I have tried to execute the FilterChain in a try/catch
block but it did not catch anything. The original idea was in this post on
Stack Overflow:
http://stackoverflow.com/questions/10342213/how-to-handle-unauthenticatedexception-with-shiro
For the second one, I do not know what the default filterchain class is, so I
can't override it.
The only information I have in the log is:
    TRACE o.a.s.w.s.AbstractShiroFilter - No FilterChain configured for the
    current request. Using the default.
Thanks in advance for your help
--
View this message in context: http://shiro-user.582556.n2.nabble.com/change-shiro-behavior-on-access-denied-tp7577478.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: change shiro behavior on access denied
Posted by Jared Bunting <ja...@peachjean.com>.
If you are using the authcBasic filter for authentication, then I think
that configuring it as authcBasic[permissive] will achieve your desired
behavior.
So, something like this:
/** = authcBasic[permissive]
This permissive feature should:
1. Check if request includes authentication info. If so, attempt to
authenticate. If authentication fails, return the appropriate
challenge (401).
2. If authentication succeeds, or request does not include
authentication info, forward request on to the application.
3. If UnauthenticatedException is thrown (a subclass of
AuthorizationException; it indicates that the user, in addition to not being
authorized, is not logged in), then return the appropriate challenge (401).
4. If any other AuthorizationException is thrown, return an
"Unauthorized" error (403).
Hope that helps,
Jared
On Thu 07 Jun 2012 07:15:03 PM CDT, manitas wrote:
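The following is an added example, not code from this thread or from the Shiro project. It wires the reply's "authcBasic[permissive]" suggestion into the Guice-based setup the original poster describes (configureShiroWeb / addFilterChain, scoped to the single /xxx entry point), and adds a small servlet filter that maps the two exception classes named in steps 3 and 4 of the reply to HTTP status codes, since with per-method annotations the AuthorizationException escapes the RPC method rather than the filter chain. Assumptions: the Shiro 1.2-era ShiroWebModule API, where the helper that attaches a config string to a filter key is config(key, value) (later releases name it filterConfig); the class names RpcShiroModule, RpcServletModule and AuthzStatusFilter, the realm name "application" and the commented-out MyRealm are illustrative.

```java
// Added example, not code from the thread or from the Shiro project itself.
// Assumes the Shiro 1.2-era ShiroWebModule API (config(...) helper); all class
// names below and the path "/xxx" are illustrative.
import com.google.inject.servlet.ServletModule;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.guice.web.ShiroWebModule;

import javax.inject.Singleton;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class RpcShiroModule extends ShiroWebModule {

    public RpcShiroModule(ServletContext servletContext) {
        super(servletContext);
    }

    @Override
    protected void configureShiroWeb() {
        // bindRealm().to(MyRealm.class);   // the application's own realm (hypothetical name)

        // Same effect as the ini line "/** = authcBasic[permissive]" from the reply,
        // but scoped to the RPC entry point. "permissive" makes the filter attempt
        // Basic authentication only when credentials are present and otherwise lets
        // the request through, so the per-method annotations decide the outcome.
        addFilterChain("/xxx", config(AUTHC_BASIC, "permissive"));
    }

    /**
     * Maps Shiro's authorization exceptions, which escape the annotated RPC
     * methods as runtime exceptions, to HTTP status codes:
     *   UnauthenticatedException     -> 401 plus a Basic challenge
     *   other AuthorizationException -> 403
     * An exception that crossed a servlet boundary may arrive wrapped in a
     * ServletException, so the cause chain is inspected as well.
     */
    @Singleton
    public static class AuthzStatusFilter implements Filter {

        @Override public void init(FilterConfig filterConfig) { }
        @Override public void destroy() { }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            try {
                chain.doFilter(request, response);
            } catch (AuthorizationException e) {
                deny((HttpServletResponse) response, e);
            } catch (ServletException e) {
                AuthorizationException authz = findAuthorizationException(e);
                if (authz == null) {
                    throw e;   // not an access decision; let the container handle it
                }
                deny((HttpServletResponse) response, authz);
            }
        }

        static void deny(HttpServletResponse response, AuthorizationException e) throws IOException {
            if (e instanceof UnauthenticatedException) {
                // A 401 is only a valid challenge together with a WWW-Authenticate header
                response.setHeader("WWW-Authenticate", "Basic realm=\"application\"");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        }

        // Walks the cause chain looking for a Shiro AuthorizationException.
        static AuthorizationException findAuthorizationException(Throwable t) {
            for (Throwable c = t; c != null; c = c.getCause()) {
                if (c instanceof AuthorizationException) {
                    return (AuthorizationException) c;
                }
            }
            return null;
        }
    }

    /** Registers the status-mapping filter for the RPC path. */
    public static class RpcServletModule extends ServletModule {
        @Override
        protected void configureServlets() {
            filter("/xxx").through(AuthzStatusFilter.class);
        }
    }
}
```

The mapping filter has to sit outside Shiro's own filter so that an exception thrown by an annotated method passes through it on the way up; with Guice servlet, filters run in the order their modules register them, so RpcServletModule is assumed to be installed before RpcShiroModule. Keeping the 401/403 distinction intact matters for clients: a 401 with a challenge tells an unauthenticated RPC client to retry with credentials, while a 403 tells an authenticated one that retrying will not help.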