Right, I want to know the reason for the 401 in order to display a reasonable message to the user.
> Dominic Farr <[email protected]> wrote on 6 March 2014 at 14:13:
>
> > You want to add a message to the response body?
> >
> > On 6 March 2014 13:12, Steve B <[email protected]> wrote:
> >
> > > When I receive a request on an expired session it is currently handled by
> > > our authentication filter
> > > onAccessDenied(ServletRequest request, ServletResponse response)
> > > which just sends a 401 (unauthorized) as a response.
> > >
> > > Now I would like to add additional information ("session expired") to the
> > > response.
> > >
> > > Now the question is what would be an easy & clean way to implement this.
> > >
> > > Dominic Farr <[email protected]> wrote on 6 March 2014 at 11:37:
> > >
> > > > Not sure I understand. What sort of information do you need to add?
> > > > Add to what? The subject? The response?
> > > >
> > > > You have access to the subject anywhere you like with
> > > > SecurityUtils.getSubject()
> > > >
> > > > In the listener, when onExpiration is called you can use
> > > > SecurityUtils.getSubject() to grab the subject. Will that work?
> > > >
> > > > On 6 March 2014 09:56, Steve B <[email protected]> wrote:
> > > >
> > > > > That's right, I can attach to onExpiration(Session session). But
> > > > > how do I pass the info to the subject such that I can query this flag in
> > > > > the onAccessDenied method?
> > > > > <http://shiro.apache.org/static/current/apidocs/src-html/org/apache/shiro/session/SessionListener.html#line.58>
> > > > >
> > > > > Dominic Farr <[email protected]> wrote on 6 March 2014 at 10:43:
> > > > >
> > > > > > Yes. Shiro has session listener.
> > > > > > <http://shiro.apache.org/static/current/apidocs/org/apache/shiro/session/SessionListener.html>
> > > > > >
> > > > > > On 6 March 2014 09:38, Steve B <[email protected]> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > is there an easy way to detect if a session has expired?
> > > > > > >
> > > > > > > I got a sub-class of FormAuthenticationFilter where I
> > > > > > > override onAccessDenied and would like to add some additional info
> > > > > > > on why a 401 is returned.
> > > > > > >
> > > > > > > protected boolean onAccessDenied(ServletRequest request,
> > > > > > >         ServletResponse response) throws Exception
> > > > > > > {
> > > > > > >     ...
> > > > > > >     // issue 401
> > > > > > >     httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > > > > > > }
> > > > > > >
> > > > > > > I thought about using a session listener, but it is not
> > > > > > > clear to me where I should store expiration/stop info.
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Steve
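
Added example, not part of the original thread and not Shiro project code: one way to connect the SessionListener.onExpiration callback discussed above to onAccessDenied is to record the ids of expired sessions and compare them with the session id the client presents. The class names, the header name and the in-memory id set are hypothetical; the sketch assumes the listener is registered on the session manager and that getRequestedSessionId() returns the presented session id in the same string form as Session.getId().

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionListenerAdapter;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

public class ExpiryAwareAuthFilter extends FormAuthenticationFilter {

    // Hypothetical header name, chosen for this example.
    static final String REASON_HEADER = "X-Auth-Failure-Reason";

    // Ids of sessions that have expired. An entry is dropped on first lookup;
    // a real deployment also needs time-based eviction so the set stays bounded.
    static final Set<String> EXPIRED_IDS = ConcurrentHashMap.newKeySet();

    // Hypothetical listener; register it in the session manager's sessionListeners.
    public static class ExpiryRecorder extends SessionListenerAdapter {
        @Override
        public void onExpiration(Session session) {
            EXPIRED_IDS.add(String.valueOf(session.getId()));
        }
    }

    // As in the thread, every denied request is answered with a 401.
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        HttpServletResponse httpResponse = WebUtils.toHttp(response);

        // The presented id is only used as a lookup key and never echoed back.
        String presentedId = httpRequest.getRequestedSessionId();
        boolean expired = presentedId != null && EXPIRED_IDS.remove(presentedId);

        // Fixed reason strings only: the client learns "expired" versus
        // "not authenticated", nothing about accounts or other sessions.
        httpResponse.setHeader(REASON_HEADER, expired ? "session-expired" : "unauthenticated");
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // the response is complete; do not continue the filter chain
    }
}
```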
