I have my applicationContext like this:
<bean id="shiroFilter"
class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/index.faces"/>
<property name="filterChainDefinitions">
<value>
/* = authc
</value>
</property>
</bean>
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="opacsRealm" />
</bean>
<bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
<bean id="sha512Matcher"
class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="SHA-256" />
<property name="hashIterations" value="1024" />
</bean>
<bean id="opacsRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm">
<property name="dataSource" ref="dataSource" />
<property name="authenticationQuery"
value="select PASSWORD, SALT from SEC_USERS where NAME
= ?" />
<property name="userRolesQuery"
value="SELECT ROLE_NAME FROM SEC_USERS_ROLES WHERE
USER_NAME = ?" />
<property name="permissionsQuery"
value="SELECT permission FROM SEC_ROLES_PERMISSIONS
WHERE ROLE_NAME = ?"
/>
<property name="permissionsLookupEnabled" value="true" />
<property name="saltStyle" value="COLUMN" />
<property name="credentialsMatcher" ref="sha512Matcher"/>
</bean>
What is happening is when the session times out, the app doesn't respond to
events like command buttons and ajax (Primefaces), which is good. But there
is no redirect to the index.faces page. It will do that if I refresh the
browser, but no other trigger will redirect. Is there anything else I need
to do to get Shiro to redirect to the login page whenever session time out
occurs? I am using the session timeout property in the web.xml so it's all
container-based. Thanks!
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Session-Timeout-doesn-t-redirect-to-login-page-tp7577730.html
Sent from the Shiro User mailing list archive at Nabble.com.
