Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-22

Enable POST redirects on session timeout


    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      When a user is filling out a form for a long time and they don't submit (POST) within the session timeout limit they lose the newly entered data because after logging in they are redirected via GET to the target URI. This feature would enable redirecting a POST as a POST and therefore after successfully logging back in the user would see the result of their initial action.

      See email thread here: http://jsecurity.markmail.org/search/JSecurity+Saving+POST+data%3F?page=1

      The solution might work like this:

      since we have control over the Request/Response pair, we could do something snazzy where, if the SavedRequest in the session is a POST request, we can manually construct a Request object indicating a POST method and send that into the filter chain directly instead of the originating GET Request given to us by the Servlet container.

      So, in essence, a GET would be redirected as a GET, and a POST would be redirected as a POST. It would work in a REST scenario because the SavedRequest is stored in the session.

      But this again assumes that this is even desirable (POST redirect). We could make it configurable I suppose (enablePostRedirects = true/false) in the JSecurityFilter configuration if someone didn't like that idea.


          Issue Links



              • Assignee:
                joneilloine Jesse O'Neill-Oine
              • Votes:
                1 Vote for this issue
                0 Start watching this issue


                • Created: