I am using Shiro in a Java EE application using the shiro-web dependency.  I
noticed a strange behavior and tracked it down to a Shiro upgrade that
started in version 1.6.0 and persists in 1.7.0.  I initially updated directly
from 1.5.1 to 1.7.0 but I went back and tested everything in between.

I have a logout servlet that does the following:
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        SecurityUtils.getSubject().logout();
        request.getSession().invalidate();
        response.sendRedirect(request.getServletContext().getContextPath());
    }

The client is then routed back to the index page.  There is an image that
does not load on that page and our JSF button does not function properly.
The image request is a GET and results in an HTTP 400, and if I click our
button, it does a POST that also yields a 400 Bad Request.

If I just refresh the page, everything seems to be fine and the rest of the
application continues to work properly.

I have looked through the issues closed in 1.6.0 and don't see anything
obvious.
(https://issues.apache.org/jira/browse/SHIRO-788?jql=project%20%3D%20SHIRO%20AND%20fixVersion%20%3D%201.6.0)

Any ideas?
