Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I redirect requests to a configured Shiro loginUrl if the user is already authenticated?

Tags:

java

authentication

login

shiro

I have a webapp using Shiro for authentication. The relevant parts of the web.xml and shiro.ini are:

<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>

and

[main]
authc.loginUrl = /authoring/login.html
authc.successUrl  = /authoring
logout.redirectUrl = /authoring/login.html

[users]
foo = foo

[urls]
/authoring/logout = logout
/authoring/** = authc

Shiro correctly intercepts all requests from non-authenticated clients and redirects to the configured loginUrl (and then forwards them on to the requested page after successful authentication). What I'd like to have happen is, if an authenticated client makes an explicit request to /authoring/login.html, redirect that to /authoring. This would ONLY happen if the client is authenticated.

For example, think of how Gmail works - trying to access mail.google.com (or even https://accounts.google.com/ServiceLogin) when you've already logged in redirects you to the inbox. Is this possible with Shiro out of the box? If not, what's the right way to implement it?

like image 519
alan Avatar asked Jan 02 '13 16:01

alan

1 Answers

You could handle the login request yourself or using your framework, you would need to change your shiro.ini to use a PassThruAuthenticationFilter

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

You could now check if the user is logged in and redirect if true:

Subject currentUser = SecurityUtils.getSubject();
if(currentUser.isAuthenticated()){
    //redirect
}else{
    AuthenticationToken token =  new UsernamePasswordToken(username, password);
    currentUser.login(token);
    WebUtils.redirectToSavedRequest(request, response, "index.xhtml");
}

This isn't an totally out of the box solution. I am not certain if you can get the success url outside of the authentication, you could manually redirect WebUtils.issueRedirect(req, resp, url)

like image 185
Alex Edwards Avatar answered Oct 04 '22 03:10

Alex Edwards
Sign in to Comment

Related questions

Library shutdown routine that works well in a 'normal' Java application and in a web application
How to add javax.activation.DataSource to App Engine devserver?
Injecting a generic factory in Guice
Encryption of image files on Android -- Cipher(Output|Input)Stream problems
How to deal with a very large text file?
query hangs oracle 10g
Sun JDK /Open JDK on Cygwin
handling "are you sure you want to navigate away from this page" Msg in Selenium 2.0
Tricky try-catch java code
Voice operated Software development tools
How can I install openjdk-7-jdk on lucid 10.04 LTS? [closed]
WebDriver FireFoxProfile UserAgent switching with FireFoxDriver
How does one print total number of pages in a JTextPane footer?
How to get "active editor" in Eclipse plugin?
Self-containing array deep equals
Why doesn't this code close JDBC connections? (Java 7 Autocloseable unexpected behavior)
hibernate exception LockAcquisitionException: could not update
Akka and Java libraries that use ThreadLocals
How do I render a convincing skydome?
Android billing v3 - no signature

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!