Author: echatellier Date: 2012-11-26 16:27:14 +0100 (Mon, 26 Nov 2012) New Revision: 241 Url: http://nuiton.org/repositories/revision/nuiton-web/241 Log: Take care of context path in uri Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-11-23 12:34:40 UTC (rev 240) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/SecurityShiroFilter.java 2012-11-26 15:27:14 UTC (rev 241) @@ -136,8 +136,13 @@ subjectUser.login(new UsernamePasswordToken(ANON_LOGIN, "")); } - // get permission - String uri = ((HttpServletRequest)servletRequest).getRequestURI(); + // get permission from requested uri without context path + HttpServletRequest httpServletRequest = ((HttpServletRequest)servletRequest); + String contextPath = httpServletRequest.getContextPath(); + String uri = httpServletRequest.getRequestURI(); + if (uri.startsWith(contextPath)) { + uri = uri.substring(contextPath.length()); + } String perm = SecurityUtil.convertToShiroPerm(uri, config.getOption("topia.security.separators")); if (subjectUser.isPermitted("url" + perm)) { 
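Review bot: The permission string is still derived from the raw `getRequestURI()`, which the container returns undecoded and unnormalized, so path parameters (`;…`), percent-encoded characters, `//` or `..` segments can make the checked `"url" + perm` differ from the resource that is actually dispatched. The `startsWith(contextPath)` strip has the same weakness: if the two values differ in encoding, the prefix is silently left in place and the check runs on a different string. Consider taking the path from a normalized source, e.g. `String uri = WebUtils.getPathWithinApplication(httpServletRequest);` (Shiro's `org.apache.shiro.web.util.WebUtils`, assuming shiro-web is on the classpath), or `getServletPath()` plus `getPathInfo()`. The enclosing filter method starts and ends outside this hunk, so how `convertToShiroPerm` treats such input is not visible here.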
@@ -156,13 +161,13 @@ } // save request and redirect to login Session session = subjectUser.getSession(); - HttpServletRequest httpServletRequest = (HttpServletRequest)servletRequest; StringBuffer requestURL = new StringBuffer(httpServletRequest.getRequestURL()); if (httpServletRequest.getQueryString() != null) { requestURL.append('?').append(httpServletRequest.getQueryString()); } session.setAttribute(SESSION_SAVED_URL, requestURL.toString()); - ((HttpServletResponse)servletResponse).sendRedirect(config.getOption("topia.security.loginurl")); + String redirect = contextPath + config.getOption("topia.security.loginurl"); + ((HttpServletResponse)servletResponse).sendRedirect(redirect); } else { ((HttpServletResponse)servletResponse).sendError(401, "Not authorized to access " + uri); } Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java 2012-11-23 12:34:40 UTC (rev 240) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/AbstractAction.java 2012-11-26 15:27:14 UTC (rev 241) @@ -36,7 +36,6 @@ import com.opensymphony.xwork2.ActionSupport; - public class AbstractAction extends ActionSupport implements ServletContextAware, ParameterAware { /** serialVersionUID. */ Modified: trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java =================================================================== --- trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java 2012-11-23 12:34:40 UTC (rev 240) +++ trunk/nuiton-security/src/main/java/org/nuiton/web/security/actions/RoleAction.java 2012-11-26 15:27:14 UTC (rev 241) @@ -22,7 +22,6 @@ * #L% */ - package org.nuiton.web.security.actions; import org.apache.commons.lang3.StringUtils;
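Review bot: `contextPath + config.getOption("topia.security.loginurl")` assumes the option is always set and holds a context-relative path starting with `/`. A missing option silently produces a redirect to the context path followed by the literal text `null`, and a deployment whose configured value already contains the context path or is an absolute URL will now redirect to a wrong location. I would check the value for null and a leading `/` before concatenating, and state the new contract next to it: `// topia.security.loginurl is context-relative and must start with "/"`. The surrounding branch begins and ends outside this hunk.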