Commented on your StackOverflow question[1], but the gist of it is, this is working as expected. There was another user recently who was encountering a similar issue [2].
-Jared [1] http://stackoverflow.com/questions/12099262/jsf-2-spring-3-shiro-session-timeout-doesnt-redirect-to-login-page [2] http://shiro-user.582556.n2.nabble.com/Web-Filter-to-return-HTTP-status-code-td7577672.html On Thu 23 Aug 2012 02:09:41 PM CDT, alarinn wrote: > I have my applicationContext like this: > > <bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <property name="securityManager" ref="securityManager" /> > <property name="loginUrl" value="/index.faces"/> > <property name="filterChainDefinitions"> > <value> > /* = authc > </value> > </property> > </bean> > <bean id="securityManager" > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> > <property name="realm" ref="opacsRealm" /> > </bean> > > <bean id="lifecycleBeanPostProcessor" > class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> > > <bean id="sha512Matcher" > class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> > > <property name="hashAlgorithmName" value="SHA-256" /> > <property name="hashIterations" value="1024" /> > </bean> > > > > <bean id="opacsRealm" class="org.apache.shiro.realm.jdbc.JdbcRealm"> > <property name="dataSource" ref="dataSource" /> > <property name="authenticationQuery" > value="select PASSWORD, SALT from SEC_USERS where NAME > = ?" /> > <property name="userRolesQuery" > value="SELECT ROLE_NAME FROM SEC_USERS_ROLES WHERE > USER_NAME = ?" /> > <property name="permissionsQuery" > value="SELECT permission FROM SEC_ROLES_PERMISSIONS > WHERE ROLE_NAME = ?" > /> > <property name="permissionsLookupEnabled" value="true" /> > <property name="saltStyle" value="COLUMN" /> > <property name="credentialsMatcher" ref="sha512Matcher"/> > </bean> > > What is happening is when the session times out, the app doesn't respond to > events like command buttons and ajax (Primefaces), which is good. But there > is no redirect to the index.faces page. It will do that if I refresh the > browser, but no other trigger will redirect. Is there anything else I need > to do to get Shiro to redirect to the login page whenever session time out > occurs? I am using the session timeout property in the web.xml so it's all > container-based. Thanks! > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Session-Timeout-doesn-t-redirect-to-login-page-tp7577730.html > Sent from the Shiro User mailing list archive at Nabble.com.
