If you are using the authcBasic filter for authentication, then I think that configuring it as authcBasic[permissive] will achieve your desired behavior.
So, something like this: /** = authcBasic[permissive] This permissive feature should: 1. Check if request includes authentication info. If so, attempt to authenticate. If authentication fails, return the appropriate challenge (401). 2. If authentication succeeds, or request does not include authentication info, forward request on to the application. 3. If UnauthenticatedException is thrown (subclass of AuthorizationException, indicates that user, in addition to not being authorized, is not logged in), then return appropriate challenge (401). 4. If Any other AuthorizationException is thrown, return a "Unauthorized" error (403). Hope that helps, Jared On Thu 07 Jun 2012 07:15:03 PM CDT, manitas wrote: > Hi ! > > My project have a one entrance url /xxx for several rpc commands so > authentication is not on a per-url basis. > It means that : > - I do not call the method "addFilterChain" in my configureShiroWeb() for > /xxx > - security is on a per-method basis thanks to annotations > > I'd like to be able to change the behavior of shiro and send a "HTTP Error > 401" if the access is denied for one particular method. > > I think there are 2 ways to do that : > - catch authorization or authorization exception to manage them > - change the behavior of the default filterchain by overriding the > corresponding method > > Unfortunately I'm stucked for both : > > For the first one, I have tried to execute the FilterChain in a try/catch > block but it did not catch anything. The original idea was in > http://stackoverflow.com/questions/10342213/how-to-handle-unauthenticatedexception-with-shiro > this post on stackoverflow > > For the second one, I do not know what is the default filterchain class so I > can't override it. > The only information I have in the log is : > /TRACE o.a.s.w.s.AbstractShiroFilter - No FilterChain configured for the > current request. Using the default./ > > > Thanks in advance for your help > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/change-shiro-behavior-on-access-denied-tp7577478.html > Sent from the Shiro User mailing list archive at Nabble.com.
