Hi ! My project have a one entrance url /xxx for several rpc commands so authentication is not on a per-url basis. It means that : - I do not call the method "addFilterChain" in my configureShiroWeb() for /xxx - security is on a per-method basis thanks to annotations
I'd like to be able to change the behavior of shiro and send a "HTTP Error 401" if the access is denied for one particular method. I think there are 2 ways to do that : - catch authorization or authorization exception to manage them - change the behavior of the default filterchain by overriding the corresponding method Unfortunately I'm stucked for both : For the first one, I have tried to execute the FilterChain in a try/catch block but it did not catch anything. The original idea was in http://stackoverflow.com/questions/10342213/how-to-handle-unauthenticatedexception-with-shiro this post on stackoverflow For the second one, I do not know what is the default filterchain class so I can't override it. The only information I have in the log is : /TRACE o.a.s.w.s.AbstractShiroFilter - No FilterChain configured for the current request. Using the default./ Thanks in advance for your help -- View this message in context: http://shiro-user.582556.n2.nabble.com/change-shiro-behavior-on-access-denied-tp7577478.html Sent from the Shiro User mailing list archive at Nabble.com.
