Hi Les,

Thank you for your advice. I have a clear configuration now. I found my problem: my token's default constructor set the rememberMe property to false, so that the authentication params were passed in the HTTP headers and were not saved in the session.

I've finished my project, and now know many things about security frameworks ^^. It's possible that I will give some of my modules to your community in the future, depending on my enterprise's policy.

See you,
Tcharlie

Tcharlie wrote:
>
> Hi all,
>
> I'm developing a custom application using Shiro (JSecurity 0.9).
> I wanted to forbid access to one HTML page, so I added the following lines
> in my web.xml:
> [urls]
> /jsp/newscorner.html = authc, perms[urls:/jsp/newscorner.html:access]
>
> It works fine when I use a server redirect (dispatcher.forward(...)).
> The problem comes when I try to make a client redirect to this page (via
> <a href...>).
> Authentication headers are not present, so I encounter a 401 error.
>
> Is there any httpsessionfilter implemented (based on jsessionid), or should
> I implement it myself?
> Is there another way to bypass this problem? (I don't want to change
> anything in my JSPs and HTML files.)
>
> Thanks in advance,
> Tcharlie
>

--
View this message in context: http://n2.nabble.com/BasicHttpHeader-and-jsp-links-tp3288699p3293793.html
Sent from the Shiro User mailing list archive at Nabble.com.
