You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Janario (JIRA)" <ji...@apache.org> on 2015/03/12 05:45:38 UTC

[jira] [Created] (SHIRO-528) Foward from a noSessionCreation to a path that allow should allow create session

Janario created SHIRO-528:
-----------------------------

             Summary: Foward from a noSessionCreation to a path that allow should allow create session
                 Key: SHIRO-528
                 URL: https://issues.apache.org/jira/browse/SHIRO-528
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.2.3
         Environment: jsf, rest, shiro
            Reporter: Janario


If I define a error-page that need session for example with jsf:
<error-page>
	<error-code>404</error-code>
	<location>/jsf/my-notfound.xhtml</location>
</error-page>

Define filters as:
[urls]
/jsf/login.xhtml = authc
/integrations-rest/** = anon, noSessionCreation
/jsf/my-notfound.xhtml = anon
/** = authc

If I try to GET a not found url from /integrations-rest/something it will redirect to /jsf/my-notfound.xhtml but it fails once it can't create a session.


It should clean the request attribute in the afterCompletion method. So after foward it will reaply the filters
request.removeAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)