That's right, I can attach to onExpiration(Session session). But how do I pass the info to the subject such that I can query this flag in the onAccessDenied method ? <http://shiro.apache.org/static/current/apidocs/src-html/org/apache/shiro/session/SessionListener.html#line.58>
> Dominic Farr <[email protected]> hat am 6. März 2014 um 10:43 geschrieben: > > yes. shiro has session listener. > > > <http://shiro.apache.org/static/current/apidocs/org/apache/shiro/session/SessionListener.html> > > > On 6 March 2014 09:38, Steve B <[email protected] > <mailto:[email protected]> > wrote: > > > Hi, > > > > is there an easy way to detect if a session has expired ? > > > > I got a sub-class of FormAuthenticationFilter where I override > > onAccessDenied and would like to add some additional info on why a 401 is > > returned. > > > > protected boolean onAccessDenied(ServletRequest request, ServletResponse > > response) throws Exception > > { > > ... > > // issue 401 > > httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); > > } > > > > I thought about using a session listener, but it is not clear to me where > > I should store expiration/stop info. > > > > > > Thanks, > > > > Steve > > >
