Hi Eric, Just out of curiosity, how did this happen for a REST call? I would think it would be ideal to return a 401 instead of redirecting the user to a login page, ideally allowing an HTTP authentication scheme (like Basic over TLS) to execute.
Also, I don't know if this might address your issue, but I created an issue a while ago that supports multiple authentication schemes via a single authentication filter: https://issues.apache.org/jira/browse/SHIRO-414 Thoughts? -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Thu, Jul 25, 2013 at 3:13 PM, Eric Mulvihill <[email protected]>wrote: > Shiro's automatic redirect back to the last page viewed upon logging back > in > after a session expiration is working well.. actually a bit too well. > > We came across a case where a file download link (generated from a REST > call > being authenicated by Shiro) is the URL being redirected to. This is not > ideal because the user stays on our login page and gets multiple copies of > the file when they click Login, instead of being redirected somewhere > useful. > > I would much rather have this url excluded from the redirect behavior, and > have the user just land on the fallback landing page in this case. > > Is this possible? The only other thing I can think to do is do a defensive > check beforehand, and prevent the action if their session is expired. > > Thanks for any ideas. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/possible-to-add-exceptions-to-expired-session-redirect-tp7578949.html > Sent from the Shiro User mailing list archive at Nabble.com. >
