((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session Expired");

On 6 March 2014 13:13, Dominic Farr <[email protected]> wrote:

> You want to add a message to the response body?
>
> On 6 March 2014 13:12, Steve B <[email protected]> wrote:
>
>> When I receive a request on an expired session it is currently handled
>> by our authentication filter
>> onAccessDenied(ServletRequest request, ServletResponse response)
>> which just sends a 401 (unauthorized) as a response.
>>
>> Now I would like to add additional information ("session expired") to
>> the response.
>>
>> Now the question is what would be an easy & clean way to implement this.
>>
>> Dominic Farr <[email protected]> wrote on 6 March 2014 at 11:37:
>>
>> Not sure I understand. What sort of information do you need to add? Add
>> to what? The subject? The response?
>>
>> You have access to the subject anywhere you like
>> with SecurityUtils.getSubject()
>>
>> In the listener, when onExpiration is called you can use
>> SecurityUtils.getSubject() to grab the subject. Will that work?
>>
>> On 6 March 2014 09:56, Steve B <[email protected]> wrote:
>>
>> That's right, I can attach to onExpiration(Session session). But how do
>> I pass the info to the subject such that I can query this flag in the
>> onAccessDenied method?
>> <http://shiro.apache.org/static/current/apidocs/src-html/org/apache/shiro/session/SessionListener.html#line.58>
>>
>> Dominic Farr <[email protected]> wrote on 6 March 2014 at 10:43:
>>
>> Yes. Shiro has a session listener.
>>
>> http://shiro.apache.org/static/current/apidocs/org/apache/shiro/session/SessionListener.html
>>
>> On 6 March 2014 09:38, Steve B <[email protected]> wrote:
>>
>> Hi,
>>
>> is there an easy way to detect if a session has expired?
>>
>> I got a sub-class of FormAuthenticationFilter where I override
>> onAccessDenied and would like to add some additional info on why a 401 is
>> returned.
>>
>> protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
>> {
>>     ...
>>     // issue 401
>>     httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>> }
>>
>> I thought about using a session listener, but it is not clear to me
>> where I should store expiration/stop info.
>>
>> Thanks,
>>
>> Steve
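
One way to tell an expired session apart from a request that never had one inside onAccessDenied, without a listener or a shared flag. This is an added example, not code from the thread participants or the Shiro project; the class name is hypothetical, and it assumes the request reports the client's session id through the standard servlet API.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical class name; configure it in place of the existing filter subclass.
public class SessionAwareAuthenticationFilter extends FormAuthenticationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        // Keep the normal form-login handling for the login URL itself.
        if (isLoginRequest(request, response)) {
            return super.onAccessDenied(request, response);
        }

        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        HttpServletResponse httpResponse = WebUtils.toHttp(response);

        // The client presented a session id, but the session manager no longer
        // accepts it. The id is client-supplied, so this also matches ids that
        // were logged out or never issued: treat the result as a hint for the
        // client, never as input to an authorization decision.
        boolean staleSession = httpRequest.getRequestedSessionId() != null
                && !httpRequest.isRequestedSessionIdValid();

        if (staleSession) {
            // Fixed text only: the container may render this message in an
            // error page, so no request data goes into it.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session Expired");
        } else {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
        return false; // response is committed; stop the filter chain
    }
}
```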
