My login page is located under 'mydomain.com/app/account/login.jsp'. To
hide the jsessionid when landing on the login page I added the following to
my ShiroGuiceModule:

addFilterChain("/app/account/**", AUTHC, NO_SESSION_CREATION); // before I only had AUTHC filter there

So basically the trick seems to be to not create a session until the user
logs in.
If you're using .ini configuration it shouldn't be too hard to adapt that I
think.

Btw: If there is something wrong with this approach please tell me!

HTH,
Alex


On Fri, Jul 26, 2013 at 7:24 AM, Nagaraju Kurma wrote:

> Thanks for your suggestions.
> Here I am using native sessions, not servlet sessions.
>
> When the Shiro session was extended from the servlet session, it had some
> extra activities.
> I searched on Google and tried the following different options:
>
>
> 1) in web.xml
> -----------------
>
> <session-config>
>     <tracking-mode>COOKIE</tracking-mode>
> </session-config>
>
>
>
>
> 2) context.xml
>
>
> <?xml version='1.0' encoding='utf-8'?>
> <Context docBase="PATH_TO_WEBAPP" path="/CONTEXT" disableURLRewriting="true">
> </Context>
>
>
> 3) added on filter
>
>
> package net.enhancesys.auth.filter;
>
> import java.io.IOException;
>
> import javax.servlet.Filter;
> import javax.servlet.FilterChain;
> import javax.servlet.FilterConfig;
> import javax.servlet.ServletException;
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpServletResponseWrapper;
> import javax.servlet.http.HttpSession;
>
> public class DisableUrlSessionFilter implements Filter {
>
>     /*
>      * private static Log logger =
>      * LogFactory.getLog(DisableUrlSessionFilter.class);
>      */
>
>     /**
>      * Filters requests to disable URL-based session identifiers.
>      */
>     public void doFilter(ServletRequest request, ServletResponse response,
>             FilterChain chain) throws IOException, ServletException {
>         // skip non-http requests
>         if (!(request instanceof HttpServletRequest)) {
>             chain.doFilter(request, response);
>             return;
>         }
>
>         HttpServletRequest httpRequest = (HttpServletRequest) request;
>         HttpServletResponse httpResponse = (HttpServletResponse) response;
>
>         // clear session if session id in URL
>         if (httpRequest.isRequestedSessionIdFromURL()) {
>             // getSession(false) returns null instead of creating a new
>             // session when none exists, so the null check is meaningful
>             HttpSession session = httpRequest.getSession(false);
>             if (session != null) {
>                 session.invalidate();
>             }
>         }
>
>         // wrap response to remove URL encoding: every encode* method
>         // returns the URL unchanged, so no session id is appended
>         HttpServletResponseWrapper wrappedResponse =
>                 new HttpServletResponseWrapper(httpResponse) {
>             @Override
>             public String encodeRedirectUrl(String url) {
>                 return url;
>             }
>
>             @Override
>             public String encodeRedirectURL(String url) {
>                 return url;
>             }
>
>             @Override
>             public String encodeUrl(String url) {
>                 return url;
>             }
>
>             @Override
>             public String encodeURL(String url) {
>                 return url;
>             }
>         };
>
>         // process next request in chain
>         chain.doFilter(request, wrappedResponse);
>     }
>
>     /**
>      * Unused.
>      */
>     public void init(FilterConfig config) throws ServletException {
>     }
>
>     /**
>      * Unused.
>      */
>     public void destroy() {
>     }
> }
>
>
>
> For the above filter, in web.xml:
>
> <filter-mapping>
>     <filter-name>somename</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
> <filter>
>     <filter-name>somename</filter-name>
>     <filter-class>AboveFilterName</filter-class>
> </filter>
>
>
>
> But no solution helped me...
>
> Thanking you
>
>
>
>
> --
>
> Regards,
>
> Nagaraju.
>
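
One way to check whether any of the approaches in this thread actually keeps the session id out of URLs, as an added example that is not part of the original messages: it scans a raw HTTP response for the `;jsessionid=` path parameter in URL-bearing headers and HTML attributes, while ignoring the cookie. The sample responses are constructed, and the header and attribute lists are assumptions about where a rewritten URL would show up.

```python
import re
from html.parser import HTMLParser

# URL rewriting appends the id as a path parameter: /login.jsp;jsessionid=ABC?x=1
SESSION_PARAM = re.compile(r";jsessionid=[^;?#/\s]+", re.IGNORECASE)
URL_HEADERS = {"location", "content-location", "refresh"}  # assumed list
URL_ATTRS = {"href", "src", "action"}                      # assumed list


class _UrlAttrCollector(HTMLParser):
    """Collects URL-bearing attributes (links, forms, scripts) from the body."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((f"<{tag} {name}>", value))


def find_session_id_leaks(raw_response):
    """Return (where, url) pairs whose URL carries a rewritten session id."""
    head, _, body = raw_response.partition("\r\n\r\n")
    candidates = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in URL_HEADERS:
            candidates.append((name.strip() + " header", value.strip()))
    collector = _UrlAttrCollector()
    collector.feed(body)
    candidates.extend(collector.urls)
    return [(where, url) for where, url in candidates if SESSION_PARAM.search(url)]


# Constructed sample responses (not captured from a real server).
REWRITTEN = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /app/account/login.jsp;jsessionid=0A1B2C3D4E5F\r\n"
    "Set-Cookie: JSESSIONID=0A1B2C3D4E5F; Path=/; HttpOnly\r\n\r\n"
    '<a href="/app/account/login.jsp;JSESSIONID=0A1B2C3D4E5F?next=home">login</a>'
)
COOKIE_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=0A1B2C3D4E5F; Path=/; HttpOnly\r\n\r\n"
    '<form action="/app/account/login.jsp" method="post"></form>'
)

if __name__ == "__main__":
    for label, resp in (("rewritten", REWRITTEN), ("cookie only", COOKIE_ONLY)):
        print(label, find_session_id_leaks(resp))
```

A session id in `Set-Cookie` is not reported, since the concern in this thread is the id appearing in URLs, where it ends up in browser history, Referer headers and access logs.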
