[
https://issues.apache.org/jira/browse/SHIRO-528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Janario updated SHIRO-528:
--------------------------
Attachment: Clean_NoSession_Filter.patch
Attached a patch
> Foward from a noSessionCreation to a path that allow should allow create
> session
> --------------------------------------------------------------------------------
>
> Key: SHIRO-528
> URL: https://issues.apache.org/jira/browse/SHIRO-528
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.2.3
> Environment: jsf, rest, shiro
> Reporter: Janario
> Attachments: Clean_NoSession_Filter.patch
>
>
> If I define a error-page that need session for example with jsf:
> <error-page>
> <error-code>404</error-code>
> <location>/jsf/my-notfound.xhtml</location>
> </error-page>
> Define filters as:
> [urls]
> /jsf/login.xhtml = authc
> /integrations-rest/** = anon, noSessionCreation
> /jsf/my-notfound.xhtml = anon
> /** = authc
> If I try to GET a not found url from /integrations-rest/something it will
> redirect to /jsf/my-notfound.xhtml but it fails once it can't create a
> session.
> It should clean the request attribute in the afterCompletion method. So after
> foward it will reaply the filters
> request.removeAttribute(DefaultSubjectContext.SESSION_CREATION_ENABLED);
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
