Thank you, Brian Demers, I think I solved the problem.
Before, my onAccessDenied() looked like this:
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        if (hasAuthorizationToken(request)) {
            // Proceed with authentication
            return executeLogin(request, response);
        }
        // Return 401 if authentication failed
        WebUtils.toHttp(response).sendError(
                Status.UNAUTHORIZED.getStatusCode(),
                "Oops, Authentication required");
        return false;
    }
Now it looks like this:
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        boolean authenticated = false;
        if (hasAuthorizationToken(request)) {
            // Proceed with authentication; executeLogin() returns false on failure
            authenticated = executeLogin(request, response);
        }
        // Return 401 if no token was supplied or the login attempt failed
        // (Status is javax.ws.rs.core.Response.Status, WebUtils is org.apache.shiro.web.util.WebUtils)
        if (!authenticated) {
            WebUtils.toHttp(response).sendError(
                    Status.UNAUTHORIZED.getStatusCode(),
                    "Oops, Authentication required");
        }
        return authenticated;
    }
I needed to manually return 401 when authentication failed.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148p7580158.html
Sent from the Shiro User mailing list archive at Nabble.com.
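The same fix can be expressed through the hook Shiro's AuthenticatingFilter already provides for failed logins, onLoginFailure(), so that the 401 is written in one place whether the token is missing or rejected. The filter below is an added example, not the poster's code and not part of Shiro; it assumes a bearer token in the Authorization header, Shiro's BearerToken class (Shiro 1.5 or later), a realm name of "api" for the WWW-Authenticate challenge, and that a realm capable of validating BearerToken is configured in the SecurityManager. The hasAuthorizationToken() helper is the author's name from the thread, reimplemented here as an assumption about what it checks.

```java
import java.io.IOException;
import java.io.UncheckedIOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * Example Shiro filter for an API protected by bearer tokens.
 * Every denied request ends with an explicit 401 plus a WWW-Authenticate
 * challenge instead of an empty response.
 */
public class ApiTokenFilter extends AuthenticatingFilter {

    private static final String AUTHORIZATION = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";
    // Assumed realm name for the challenge header
    private static final String CHALLENGE = "Bearer realm=\"api\"";

    /** Assumed semantics of the helper named in the thread: a Bearer header is present. */
    private boolean hasAuthorizationToken(ServletRequest request) {
        String header = WebUtils.toHttp(request).getHeader(AUTHORIZATION);
        return header != null
                && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())
                && header.length() > BEARER_PREFIX.length();
    }

    /** Called by executeLogin(); builds the token Shiro hands to the realms. */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String header = WebUtils.toHttp(request).getHeader(AUTHORIZATION);
        String token = header.substring(BEARER_PREFIX.length()).trim();
        return new BearerToken(token, request.getRemoteHost());
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        if (hasAuthorizationToken(request)) {
            // executeLogin() calls createToken(), then Subject.login(); on failure it
            // invokes onLoginFailure() below, which writes the 401, and returns false.
            return executeLogin(request, response);
        }
        // No credentials at all: challenge the client and stop the filter chain.
        sendChallenge(response, "Authentication required");
        return false;
    }

    /** Shiro's failure hook: reached when a realm rejects the token. */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                     ServletRequest request, ServletResponse response) {
        // Generic reason only; do not echo the exception message to the client.
        sendChallenge(response, "Authentication failed");
        return false;
    }

    /** Writes a 401 with a WWW-Authenticate header; no body beyond the reason phrase. */
    private void sendChallenge(ServletResponse response, String reason) {
        HttpServletResponse http = WebUtils.toHttp(response);
        http.setHeader("WWW-Authenticate", CHALLENGE);
        try {
            http.sendError(HttpServletResponse.SC_UNAUTHORIZED, reason);
        } catch (IOException ex) {
            throw new UncheckedIOException(ex);
        }
    }
}
```

Wire it into the filter chain as usual (for example `[main] apiToken = com.example.ApiTokenFilter` and `[urls] /api/** = apiToken` in shiro.ini, with the package name being an assumption). Handling the failure in onLoginFailure() rather than after executeLogin() also means the 401 is sent if a subclass later changes how executeLogin() is invoked, and the WWW-Authenticate header tells clients which scheme is expected.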