Just wanted to share a simple modification I have made by inheriting
BasicHttpAuthenticationFilter.
It is really a trivial change but can be useful to others that support a
rich client and want to make the API available via curl and other simple
clients for testing, etc.
By overriding onAccessDenied

    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (isLoginAttempt(request, response)) {
            executeLogin(request, response);
        }
        return true;
    }

allows the web client to perform login using forms (or whatever method you
prefer) without having the browser interpret the HTTP simple auth challenge
and present its own login entry, while allowing simple script access in the
form of curl -u username:password ... .
Of course this assumes that authorization/authentication happens downstream.
Mike.
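
An added example, not part of the original post: a variant of the override above that still never sends the Basic challenge to requests without credentials, but fails closed when credentials are supplied and rejected, instead of letting the request continue anonymously. The class name is hypothetical, and the javax.servlet imports assume Shiro 1.x.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical class name; not part of Shiro or of the original post.
public class OptionalBasicAuthFilter extends BasicHttpAuthenticationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        // No Authorization header: the browser / rich-client path. Pass the
        // request through without a WWW-Authenticate challenge so the browser
        // never shows its own login dialog. As in the original post, this
        // relies on authentication/authorization being enforced downstream.
        if (!isLoginAttempt(request, response)) {
            return true;
        }

        // An Authorization header was sent (e.g. curl -u username:password):
        // the credentials must be valid. executeLogin() returns false when
        // the realm rejects them.
        if (executeLogin(request, response)) {
            return true;
        }

        // Rejected credentials: answer 401 and stop the filter chain. No
        // WWW-Authenticate header is set, so a browser that happens to send
        // bad Basic credentials still gets no native prompt.
        HttpServletResponse http = WebUtils.toHttp(response);
        http.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```

With this variant a script that mistypes its password gets an explicit 401 rather than whatever the downstream check returns for an anonymous subject.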