Not sure I understand. What sort of information do you need to add? Add to what? The subject? The response?
You have access to the subject anywhere you like with SecurityUtils.getSubject() In the listener, when onExpiration is called you can use SecurityUtils.getSubject() to grab the subject. Will that work? On 6 March 2014 09:56, Steve B <[email protected]> wrote: > > That's right, I can attach to onExpiration(Session session). But how do I > pass the info to the subject such that I can query this flag in the > onAccessDenied method ? > <http://shiro.apache.org/static/current/apidocs/src-html/org/apache/shiro/session/SessionListener.html#line.58> > > > > > Dominic Farr <[email protected]> hat am 6. März 2014 um 10:43 > geschrieben: > > yes. shiro has session listener. > > > http://shiro.apache.org/static/current/apidocs/org/apache/shiro/session/SessionListener.html > > > On 6 March 2014 09:38, Steve B <[email protected]> wrote: > > Hi, > > is there an easy way to detect if a session has expired ? > > I got a sub-class of FormAuthenticationFilter where I override > onAccessDenied and would like to add some additional info on why a 401 is > returned. > > protected boolean onAccessDenied(ServletRequest request, ServletResponse > response) throws Exception > { > ... > // issue 401 > httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); > } > > I thought about using a session listener, but it is not clear to me where > I should store expiration/stop info. > > > Thanks, > > Steve > > > >
