Shiro
  1. Shiro
  2. SHIRO-22

Enable POST redirects on session timeout

    Details

    • Type: New Feature New Feature
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      When a user is filling out a form for a long time and they don't submit (POST) within the session timeout limit they lose the newly entered data because after logging in they are redirected via GET to the target URI. This feature would enable redirecting a POST as a POST and therefore after successfully logging back in the user would see the result of their initial action.

      See email thread here: http://jsecurity.markmail.org/search/JSecurity+Saving+POST+data%3F?page=1

      Summary:
      The solution might work like this:

      since we have control over the Request/Response pair, we could do something snazzy where, if the SavedRequest in the session is a POST request, we can manually construct a Request object indicating a POST method and send that into the filter chain directly instead of the originating GET Request given to us by the Servlet container.

      So, in essence, a GET would be redirected as a GET, and a POST would be redirected as a POST. It would work in a REST scenario because the SavedRequest is stored in the session.

      But this again assumes that this is even desirable (POST redirect). We could make it configurable I suppose (enablePostRedirects = true/false) in the JSecurityFilter configuration if someone didn't like that idea.

        Issue Links

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Jesse O'Neill-Oine
            • Votes:
              1 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Development