What is the order of your filters? Is Shiro first?
On Tue, Feb 26, 2019 at 8:16 AM trinadhm <[email protected]> wrote: > Brain, > > I cannot put it together as this involves lot of components integrated. > I think I found an issue, but not sure how to fix. As I said earlier I am > using JSF 2 + Spring + Primefaces > > When I login first time, the request pass through FacesAjaxAwareUserFilter > and redirecting back to Login page. When I try to login second time, it > taking me to home page since the request did not pass through > FacesAjaxAwareUserFilter. Once logged in, if I try to do click any > action,the request pass through FacesAjaxAwareUserFilter and takes me back > to Login Page. > > I know how to configure in shiro.ini > user=web.filter.FacesAjaxAwareUserFilter > user.loginUrl=/pages/pub/lgn/login.xhtml > > but in Spring not sure how to configure in above way > > > Spring Shiro configuration > > <bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <property name="securityManager" ref="securityManager"/> > <property name="loginUrl" value="/pages/pub/lgn/login.xhtml"/> > <property name="successUrl" value="/page/sec/cmn/home.xhtml" /> > <property name="unauthorizedUrl" > value="/pages/sec/err/accessdenied.xhtml"/> > <property name="filters"> > <util:map> > <entry key="user" value-ref="userFilter"/> > </util:map> > </property> > <property name="filterChainDefinitions"> > <value> > /javax.faces.resource/** = noSessionCreation, anon > /pages/pub/lgn/login.xhtml = noSessionCreation, > anon > /pages/pub/** = anon > /logout = logout > /pages/sec/** = user > /rest/** = noSessionCreation, anon > </value> > </property> > </bean> > <bean id="userFilter" class="web.filter.FacesAjaxAwareUserFilter"/> > > public class FacesAjaxAwareUserFilter extends UserFilter { > > private static final String FACES_REDIRECT_XML = "<?xml version=\"1.0\" > encoding=\"UTF-8\"?>" > + "<partial-response><redirect > url=\"%s\"></redirect></partial-response>"; > > @Override > protected void redirectToLogin(ServletRequest req, ServletResponse res) > throws IOException { > HttpServletRequest request = (HttpServletRequest) req; > > if ("partial/ajax".equals(request.getHeader("Faces-Request"))) { > res.setContentType("text/xml"); > res.setCharacterEncoding("UTF-8"); > res.getWriter().printf(FACES_REDIRECT_XML, > request.getContextPath() + getLoginUrl()); > } else { > super.redirectToLogin(req, res); > } > } > > } > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/ >
