Hi Jared,
Thanks for your reply. This is the solution I'm going with,
because I can set it to "text/xml" and then set noSessionCreation filter
and make things work as desired. Sadly, that didn't occur to me until
after I'd implemented and tested a more complex solution that involved
getting a session, using that cookie and then logging out (deleting the
session). (We're a little worried about session accumulation from the
automated source.)
Thanks!
--Stephen
On 7/30/2013 3:36 PM, Jared Bunting wrote:
My first thought is that this behavior of trying to read the POST
content only makes sense if the request is form data. From that I am
assuming that your request either comes in with a form data content
type, or it comes in with no content-type header and tomcat is
assuming form data. I'm mostly guessing the second. If that's the
case, try posting with an appropriate content type.
If that solves the issue and you still want to support the no content
type specified scenario, add a filter in front of shiro that sets a
default content type.
On Jul 30, 2013 12:03 PM, "Stephen McCants"
<[email protected] <mailto:[email protected]>> wrote:
I've looked at using the noSessionCreation filter, but that
doesn't prevent the code from consuming the POST content looking
for a session that might exist. Is there a filter that would
prevent Shiro from not even looking for a session id?
Thanks!
Sincerely,
Stephen
--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116 <tel:1-877-877-8795%20x116>
--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116
