You could just create another servlet filter and check some field to see if your user has agreed or not. I don't think this is really in the scope of Shiro, but... I have a feeling this field is stored in the same place as your user info is. If that is the case then it grays the water a bit, as a second filter may require an extra query to your backend.
On Wed, Mar 30, 2011 at 2:00 AM, dan <[email protected]> wrote: > Hi -- > > In my app, after a user logs in, I want to display a license page and have > them click on Accept or Decline. While this page is displayed, they > shouldn't be able to access any authc-protected pages. > > I thought I would extend my FormAuthenticationFilter-based class so that: > 1. on successful login, if the license hadn't been already accepted, it > would forward to the license page. > 2. until the user clicks on Accept, access to the site pages would be > denied. > > Do you think that this is a reasonable approach (to ask Shiro to do this) or > .. is it really outside the realm of a security system? It's almost like I > need a "two-stage" logon process! > > Thanks, > Dan > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/License-accept-decline-page-tp6221944p6221944.html > Sent from the Shiro User mailing list archive at Nabble.com. >
