Divyanshgarg commented on issue #1028:
URL: https://github.com/apache/shiro/issues/1028#issuecomment-1674468225
> @Divyanshgarg: I would suggest checking this class.
Please refer to the filter class below, which is used in my codebase.
`FormAuthenticationFilter` also uses `jakarta.servlet.*` internally,
since I am using the jakarta artifact. Let me know what else I can try.
```
package com.finmechanics.fmcom.crypto;
import com.finmechanics.logging.FmLogger;
import com.finmechanics.logging.FmLoggerFactory;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.ShiroHttpServletResponse;
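/**
 * {@link FormAuthenticationFilter} variant that answers unauthenticated requests with an
 * HTTP 403 error instead of the parent's handling, and refreshes the Shiro session's
 * last-access time after every request that passes through it.
 *
 * <p>The log message below refers to "dwr" requests, so this filter is presumably mapped to
 * AJAX/DWR endpoints where a redirect to a login page would not be useful to the caller.
 */
public class ShiroAjaxAuthenticator extends FormAuthenticationFilter {

    protected static final FmLogger logger =
            FmLoggerFactory.getLogger(ShiroAjaxAuthenticator.class);

    /**
     * Delegates the access decision to {@link FormAuthenticationFilter} unchanged.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the filter-chain configuration value for the matched path
     * @return whatever the parent implementation decides
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
            Object mappedValue) {
        return super.isAccessAllowed(request, response, mappedValue);
    }

    /**
     * Runs the parent filter logic, then touches the current subject's session if one exists.
     *
     * <p>NOTE(review): touching the session on every request means that any client polling an
     * endpoint behind this filter keeps the session alive, so the idle timeout only applies
     * once all such traffic stops. Confirm that this is the intended session policy.
     *
     * @throws ServletException if the parent filter or the chain fails
     * @throws IOException      if the parent filter or the chain fails on I/O
     */
    @Override
    public void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws ServletException, IOException {
        super.doFilterInternal(servletRequest, servletResponse, filterChain);

        Subject subject = SecurityUtils.getSubject();
        // getSession(false): never create a session just to refresh it.
        Session session = subject.getSession(false);
        if (session == null) {
            return;
        }
        try {
            session.touch();
        } catch (InvalidSessionException e) {
            // The session was stopped or expired while the request was being processed.
            // The chain has already run, so failing the request here gains nothing, and an
            // invalid session must stay invalid rather than be revived.
            logger.debug("AUTH Session no longer valid, skipping touch: " + e.getMessage());
        }
    }

    /**
     * Handles a request that {@link #isAccessAllowed} rejected.
     *
     * <p>Requests for the login URL are let through; everything else is answered with
     * {@code 403 Forbidden} and the filter chain is stopped.
     *
     * @return {@code true} to continue the chain (login URL), {@code false} once the error
     *         response has been sent
     * @throws Exception if sending the error response fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest,
            ServletResponse servletResponse) throws Exception {
        // NOTE(review): unlike the parent class, this override does not call executeLogin()
        // for a login submission; credentials are presumably verified by whatever serves the
        // login URL. Confirm that the login URL cannot reach protected functionality.
        if (isLoginRequest(servletRequest, servletResponse)) {
            return true;
        }

        // Cast to the servlet interfaces rather than Shiro's wrapper classes: only interface
        // methods are used, and another filter may have re-wrapped the request or response,
        // in which case a cast to the concrete Shiro type throws ClassCastException.
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        // The request URI is client-controlled; keep this at debug level and rely on the log
        // appender to neutralise control characters.
        logger.debug("AUTH Unauthenticated dwr request " + httpRequest.getRequestURI());
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
                "Invalid login or else Server is way too busy at this time");
        return false;
    }
}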
```