You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Janario (JIRA)" <ji...@apache.org> on 2015/03/12 05:45:38 UTC
[jira] [Created] (SHIRO-528) Foward from a noSessionCreation to a
path that allow should allow create session
Janario created SHIRO-528:
-----------------------------
Summary: Foward from a noSessionCreation to a path that allow should allow create session
Key: SHIRO-528
URL: https://issues.apache.org/jira/browse/SHIRO-528
Project: Shiro
Issue Type: Bug
Components: Web
Affects Versions: 1.2.3
Environment: jsf, rest, shiro
Reporter: Janario
If I define a error-page that need session for example with jsf:
<error-page>
<error-code>404</error-code>
<location>/jsf/my-notfound.xhtml</location>
</error-page>
Define filters as:
[urls]
/jsf/login.xhtml = authc
/integrations-rest/** = anon, noSessionCreation
/jsf/my-notfound.xhtml = anon
/** = authc
If I try to GET a not found url from /integrations-rest/something it will redirect to /jsf/my-notfound.xhtml but it fails once it can't create a session.
It should clean the request attribute in the afterCompletion method. So after foward it will reaply the filters
request.removeAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)