Hey guys ... I've got a little logical problem with filters ...
Our use case: we export rest services and our end points are protected by Shiro. on our end points we have different types or filter spceified. terminateFilter code is as follows Explanation: All previous filters (before terminateFilter) execute login if they are supposed to execute it (meaning .. if formAuthFilter resolves it is login request, then login will execute and return true or false depending on the credentials) All previous filters will return true in case request is not meant it to execute login. if none of the previous filters succeeded in isAccessAllowed and all onAccessDenied() methods return true this terminateFilter filter will definetly throw unauthorized response. So unless we have terminateFilter in configuration and all fitlers skip execute login, shiro does not block user ... (try it yourself) question: Does anybody have any other solution so terminateFilter does not have to be defined ? Any advice would be appreciated ... Regards Armando -- View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-auth-filters-and-onAccessDenied-method-logic-question-tp7581679.html Sent from the Shiro User mailing list archive at Nabble.com.
