Hi All,
We've run into a problem with our authentication scheme. If a user fat
fingers a URL they will end up with the login prompt, which is fine, but
then after login they get a 404, which is confusing. We are using Shiro
and an extended version of FormAuthenticationFilter.
The filter is loaded in the web.xml with:
    <filter>
        <filter-name>securityFilter</filter-name>
        <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>securityFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
    </filter-mapping>
We then have a shiro.ini setup for:
    /** = customFilter
We'd like to do one of these things:
1) Give them the 404 instead of requesting login. This could be
accomplished by being very specific in our shiro.ini file, but that
seems error prone if we add new servlets or pages that need to be secured.
2) After they log in, detect that they are going to a 404 page and
redirect them to their default page.
However, we are unsure how to tell if you are going to get a 404 when
you are in the filter.
Les seems to suggest that you can do this somehow with an error
controller, but I didn't understand his comments or error controllers
well enough to know how
(http://grokbase.com/t/shiro/user/11bn2d3n6x/missing-subject-after-request-a-not-mapping-url).
Also found this discussion of how to detect 404s that are missing files,
but not how to detect servlets:
https://www.java.net//node/668646
Is there a better way to accomplish what we want?
Thanks in advance!
Sincerely,
Stephen McCants
--
Stephen McCants
Senior Software Engineer
Healthcare Control Systems
1-877-877-8795 x116
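
One way to approach option 2 from the message above, as an added example that is not part of the original post or of Shiro itself: after a successful login, check whether the saved request would be served by a registered servlet mapping or an existing static resource, and fall back to the success URL if not. The class name is hypothetical, and the sketch assumes a Servlet 3.0+ container (javax.servlet) and that extension mappings such as *.jsp are backed by files.

```java
import java.net.MalformedURLException;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical subclass name; it would be declared in shiro.ini as the form filter.
public class KnownTargetFormAuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response)
            throws Exception {
        SavedRequest saved = WebUtils.getSavedRequest(request);
        if (saved != null && !resolves(request.getServletContext(), saved.getRequestURI())) {
            WebUtils.getAndClearSavedRequest(request);   // drop the dead target
            WebUtils.issueRedirect(request, response, getSuccessUrl());
            return;
        }
        super.issueSuccessRedirect(request, response);   // normal saved-request redirect
    }

    /** True if a path-based servlet mapping or an existing resource would serve the URI. */
    static boolean resolves(ServletContext ctx, String requestUri)
            throws MalformedURLException {
        String path = requestUri;
        int semi = path.indexOf(';');                    // strip ;jsessionid=... parameters
        if (semi >= 0) path = path.substring(0, semi);
        String contextPath = ctx.getContextPath();
        if (path.startsWith(contextPath)) path = path.substring(contextPath.length());
        if (path.isEmpty()) path = "/";
        for (ServletRegistration reg : ctx.getServletRegistrations().values()) {
            for (String pattern : reg.getMappings()) {
                // Default ("/") and extension ("*.jsp") mappings are treated as
                // file-backed (assumption) and handled by the resource check below.
                if (pattern.equals("/") || pattern.startsWith("*.")) continue;
                if (pattern.equals(path)) return true;   // exact mapping
                if (pattern.endsWith("/*")) {            // path-prefix mapping
                    String prefix = pattern.substring(0, pattern.length() - 2);
                    if (path.equals(prefix) || path.startsWith(prefix + "/")) return true;
                }
            }
        }
        return ctx.getResource(path) != null;            // static file, JSP or directory
    }
}
```

A servlet mapped to /* makes every path resolve here, so any 404 it returns itself is not detected by this check. Because the check runs only after authentication succeeds, unauthenticated users still cannot distinguish existing URLs from missing ones.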