You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Krishan Senevirathne <kr...@gmail.com> on 2011/08/04 08:10:28 UTC

401-Unauthorized page overriding

Hi,
If the [url] section of the .ini looks like this,

[urls]
/users/** = authc, roles[user], perms["users:html:view"]

if i try to access a page with in users directory from a role other than
user, browser shows the 401 error page.
Is there a way to override that page and show our own unauthorized page?(is
there a tag to be added in the [filters] section as added for loginUrl)

Thanks in advance

cheers
Krishan

Re: 401-Unauthorized page overriding

Posted by Jared Bunting <ja...@peachjean.com>.

The "roles" filter subclasses AuthorizationFilter, which provides a
"unauthorizedUrl" property.  See the doc here:

http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authz/AuthorizationFilter.html#setUnauthorizedUrl(java.lang.String)
<http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authz/AuthorizationFilter.html#setUnauthorizedUrl%28java.lang.String%29>

I suspect that will do what you want.

-Jared

On 08/04/2011 01:10 AM, Krishan Senevirathne wrote:
> Hi,
> If the [url] section of the .ini looks like this,
>
> [urls]
> /users/** = authc, roles[user], perms["users:html:view"]
>
> if i try to access a page with in users directory from a role other
> than user, browser shows the 401 error page.
> Is there a way to override that page and show our own unauthorized
> page?(is there a tag to be added in the [filters] section as added for
> loginUrl)
>
> Thanks in advance
>
> cheers
> Krishan