thanks for helpful reply...... unfortunately here i am not using shiro.ini file as the security realm, instead i am using postgresql database to store users, roles,......,etc
like ur configuration in filterChain..... our configuration is as follows this is shiro with spring integration <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/login" /> <property name="successUrl" value="redirect:/main/welcome1?cat=dashboard.summary" /> <property name="unauthorizedUrl" value="/login" /> <property name="filterChainDefinitions"> <value> /framework/default/skins/css/login_style.css = anon /framework/default/skins_ie/js/html5shiv.js = anon /framework/default/skins/images/lock_icon.gif = anon /framework/default/skins/images/enhancesys_top_logo.png = anon /login = anon <!-- login request trapper---> /main/logout = logout /** = authc </value> </property> </bean> here my anon is the login request trapper, as u said i tried in different ways like 1) /login = anon, NO_SESSION_CREATION ---------------> i got exception saying that there is no filter named as NO_SESSION_CREATION 2) /login = anon, noSessionCreation -----------------> no efftect 3) /** = authc ,NO_SESSION_CREATION -------------> same exception 4) /** = authc ,noSessionCreation -----------------> in impact suggest me how to do it........ thanking you, :) On Fri, Jul 26, 2013 at 1:30 PM, Alexander Openkowski <[email protected] > wrote: > My login page is located under 'mydomain.com/app/account/login.jsp'. To > hide the jsessionid when landing on the login page I added the following to > my ShiroGuiceModule: > > addFilterChain("/app/account/**", AUTHC, NO_SESSION_CREATION); // before I > only had AUTHC filter there > > So basically the trick seems to be to not create a session until the user > logs in. > If you're using .ini configuration it shouldn't be too hard to adapt that > I think. > > Btw: If there is something wrong with this approach please tell me! > > HTH, > Alex > > > On Fri, Jul 26, 2013 at 7:24 AM, Nagaraju Kurma < > [email protected]> wrote: > >> thanks for your suggestions, >> here i am using native session but not servlet session. >> >> when shiro session was extended from servlet session it has got some more >> extra activities. >> i searched in google and tried with the following different options >> >> >> 1) in web.xml >> ----------------- >> >> <session-config> >> <tracking-mode>COOKIE</tracking-mode></session-config> >> >> >> >> >> >> 2) context.xml >> >> >> <?xml version='1.0' encoding='utf-8'?><Context docBase="PATH_TO_WEBAPP" >> path="/CONTEXT" disableURLRewriting="true"></Context> >> >> >> 3) added on filter >> >> >> *package net.enhancesys.auth.filter; >> >> import java.io.IOException; >> >> import javax.servlet.Filter; >> import javax.servlet.FilterChain; >> import javax.servlet.FilterConfig; >> import javax.servlet.ServletException; >> import javax.servlet.ServletRequest; >> import javax.servlet.ServletResponse; >> import javax.servlet.http.HttpServletRequest; >> import javax.servlet.http.HttpServletResponse; >> import javax.servlet.http.HttpServletResponseWrapper; >> import javax.servlet.http.HttpSession; >> >> public class DisableUrlSessionFilter implements Filter { >> >> /* >> * private static Log logger = >> * LogFactory.getLog(DisableUrlSessionFilter.class); >> */ >> /** >> * Filters requests to disable URL-based session identifiers. >> */ >> public void doFilter(ServletRequest request, ServletResponse response, >> FilterChain chain) throws IOException, ServletException >> { >> // skip non-http requests >> if (!(request instanceof HttpServletRequest)) { >> chain.doFilter(request, response); >> return; >> } >> >> HttpServletRequest httpRequest = (HttpServletRequest) request; >> HttpServletResponse httpResponse = (HttpServletResponse) >> response; >> >> // clear session if session id in URL >> if (httpRequest.isRequestedSessionIdFromURL()) { >> HttpSession session = httpRequest.getSession(); >> if (session != null) { >> session.invalidate(); >> } >> } >> >> // wrap response to remove URL encoding >> HttpServletResponseWrapper wrappedResponse = new >> HttpServletResponseWrapper( >> httpResponse) { >> @Override >> public String encodeRedirectUrl(String url) { >> return url; >> } >> >> @Override >> public String encodeRedirectURL(String url) { >> return url; >> } >> >> @Override >> public String encodeUrl(String url) { >> >> return url; >> } >> >> @Override >> public String encodeURL(String url) { >> return url; >> } >> }; >> >> // process next request in chain >> chain.doFilter(request, wrappedResponse); >> } >> >> /** >> * Unused. >> */ >> public void init(FilterConfig config) throws ServletException { >> } >> >> /** >> * Unused. >> */ >> public void destroy() { >> } >> }* >> >> >> >> for the above filter in web.xml >> >> * <filter-mapping> <filter-name>somename</filter-name> >> <url-pattern>/*</url-pattern> </filter-mapping> <filter> >> <filter-name>somename</filter-name> >> <filter-class>AboveFilterName</filter-class> </filter> >> * >> >> >> >> *but no solution was helpled me...* >> * >> * >> *thanking you* >> >> >>> >>> -- >>> >>> Regards,**** >>> >>> Nagaraju. >>> >>> >> >> >> -- >> >> Regards,**** >> >> Nagaraju. >> > > -- Regards,**** Nagaraju.
