Hi -- In my app, after a user logs in, I want to display a license page and have them click on Accept or Decline. While this page is displayed, they shouldn't be able to access any authc-protected pages.
I thought I would extend my FormAuthenticationFilter-based class so that: 1. on successful login, if the license hadn't been already accepted, it would forward to the license page. 2. until the user clicks on Accept, access to the site pages would be denied. Do you think that this is a reasonable approach (to ask Shiro to do this) or .. is it really outside the realm of a security system? It's almost like I need a "two-stage" logon process! Thanks, Dan -- View this message in context: http://shiro-user.582556.n2.nabble.com/License-accept-decline-page-tp6221944p6221944.html Sent from the Shiro User mailing list archive at Nabble.com.
