How to use different unauthorized URLs for different roles in Apache Shiro

I am trying to assign a different unauthorized URL for different roles in the urls section of the shiro.ini file for a web application, but it seems like I cannot do this. Below is the code I tried.

shiro.ini file

    [main]
    authc1 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    authc1.loginUrl = /login.xhtml
    authc2.loginUrl = /secLoginPage.xhtml

    [urls]
    /login.xhtml = authc1
    /secLoginPage.xhtml = authc2
    /testapp/** = authc1, roles[admin,unauthorizedUrl=/adminAuthPage.xhtml]
    /userfld/**=authc2,roles[user,unauthorizedUrl=/abortPage.xhtml]
    /** = authc1
    /** = authc2

After entering the application, it is redirected to the authorized page with the error Error 401: SRVE0295E: Error reported: 401.

This error occurred after adding unauthorizedUrl=/adminAuthPage.xhtml. If there is any error in the code, please suggest.

+5
2 answers

How about you make one unauthorized page that acts as an entry point and, on that page, redirects to the required pages?

403.jsp

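    <%-- Tag libraries used below: Shiro JSP tags and JSTL core --%>
    <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

    <shiro:hasRole name="admin">
        <c:redirect url="adminAuthPage.xhtml"/>
    </shiro:hasRole>
    <shiro:hasRole name="user">
        <c:redirect url="abortPage.xhtml"/>
    </shiro:hasRole>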

Or better, if you just want the admin to have a different page, then:

    <shiro:hasRole name="admin">
        <c:redirect url="adminAuthPage.xhtml"/>
    </shiro:hasRole>
    <shiro:lacksRole name="admin">
        <c:redirect url="abortPage.xhtml"/>
    </shiro:lacksRole>
0

I don’t think that it should be done that way; you basically want to add permission inside the roles.

http://shiro.apache.org/web.html

This:

    /testapp/** = authc1, roles[admin,unauthorizedUrl=/adminAuthPage.xhtml]

should be:

    /testapp/** = authc1, roles[admin], perms["admin::"]

0
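An added example, not part of the original thread: a shiro.ini that gives each protected path its own unauthorized page by declaring two instances of Shiro's stock RolesAuthorizationFilter, the same way the question already declares two FormAuthenticationFilter instances. The instance names adminRoles and userRoles are hypothetical; the page names are the ones used in the question.

```ini
# Added example (not from the thread). Assumes Apache Shiro's stock
# RolesAuthorizationFilter and the unauthorizedUrl property it inherits
# from AuthorizationFilter.
#
# Form from the question, kept here only for contrast:
#   /testapp/** = authc1, roles[admin,unauthorizedUrl=/adminAuthPage.xhtml]
# Everything inside [...] is split on commas and read as role names, so the
# subject would need a role literally called
# "unauthorizedUrl=/adminAuthPage.xhtml". That check always fails, and with
# no unauthorizedUrl set on the filter itself Shiro answers an authenticated
# user with HTTP 401, the error reported in the question.

[main]
authc1 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc1.loginUrl = /login.xhtml
authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc2.loginUrl = /secLoginPage.xhtml

# unauthorizedUrl is a property of the filter instance, so it is set here
# and not in the [urls] chain definition. One instance per target page.
adminRoles = org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
adminRoles.unauthorizedUrl = /adminAuthPage.xhtml
userRoles = org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
userRoles.unauthorizedUrl = /abortPage.xhtml

[urls]
# First matching pattern wins, so specific paths come before the catch-all.
/login.xhtml = authc1
/secLoginPage.xhtml = authc2
/testapp/** = authc1, adminRoles[admin]
/userfld/** = authc2, userRoles[user]
# Single catch-all: everything else, including the two unauthorized pages,
# requires an authenticated session but no particular role.
/** = authc1
```

With this layout the page is chosen by the path that denied access, not by the roles the user holds; the JSP approach in the first answer is the one that branches on the user's roles.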

Source: https://habr.com/ru/post/1208710/
