Shiro saves wrong request when redirecting to login page

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Shiro saves wrong request when redirecting to login page

I think this is a bug, I would like to know if it was by design before I open one.

This is the original scenario I found the problem
stackoverflow question

Brief Description of problem

If the login page is located at a location that requires authc the login page will be loaded but any other content on the page will not (e.g <link> css files or <script> js files). After successfully logging in I will be redirected to one of these files (but the user is logged in).

It looks like:

WebUtils.redirectToSavedRequest(request, response, "index.xhtml");

saves the last request that wasn't the login page.

Would it not be more appropriate to save the request that first triggers the display of the login page, or not display the login page i.e. dont make it a special case, so you never end up in this situation in the first place.