You want to add a message to the response body?
On 6 March 2014 13:12, Steve B <[email protected]> wrote: > > > When I receive a request on an expired session it is currently handled by > our authentication filter > onAccessDenied(ServletRequest request, ServletResponse response) > which just sends a 401 (unauthorized) as a response. > > Now I would like to add additional information ("session expired") to the > response. > > Now the question is what would be an easy&clean way to implement this. > > > Dominic Farr <[email protected]> hat am 6. März 2014 um 11:37 > geschrieben: > > Not sure I understand. What sort of information do you need to add? Add > to what? The subject? The response? > > You have access to the subject anywhere you like > with SecurityUtils.getSubject() > > In the listener, when onExpiration is called you can use > SecurityUtils.getSubject() to grab the subject. Will that work? > > > > > On 6 March 2014 09:56, Steve B <[email protected]> wrote: > > > That's right, I can attach to onExpiration(Session session). But how do I > pass the info to the subject such that I can query this flag in the > onAccessDenied method ? > <http://shiro.apache.org/static/current/apidocs/src-html/org/apache/shiro/session/SessionListener.html#line.58> > > > > > Dominic Farr < [email protected]> hat am 6. März 2014 um 10:43 > geschrieben: > > yes. shiro has session listener. > > > http://shiro.apache.org/static/current/apidocs/org/apache/shiro/session/SessionListener.html > > > On 6 March 2014 09:38, Steve B <[email protected]> wrote: > > Hi, > > is there an easy way to detect if a session has expired ? > > I got a sub-class of FormAuthenticationFilter where I override > onAccessDenied and would like to add some additional info on why a 401 is > returned. > > protected boolean onAccessDenied(ServletRequest request, ServletResponse > response) throws Exception > { > ... > // issue 401 > httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED); > } > > I thought about using a session listener, but it is not clear to me where > I should store expiration/stop info. > > > Thanks, > > Steve > > > > > > >
