I have been trying to assign different unauthorized URLs for different roles in the url section of the shiro.ini file for a web application, but it seems I am not able to do it. Below is the code that I have tried.
shiro.ini file

    [main]
    authc1 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
    authc1.loginUrl = /login.xhtml
    authc2.loginUrl = /secLoginPage.xhtml
    [urls]
    /login.xhtml = authc1
    /secLoginPage.xhtml = authc2
    /testapp/** = authc1, roles[admin,unauthorizedUrl=/adminAuthPage.xhtml]
    /userfld/**=authc2,roles[user,unauthorizedUrl=/abortPage.xhtml]
    /** = authc1
    /** = authc2

After logging in to the application, it redirects to the authorized page with the error: Error 401: SRVE0295E: Error reported: 401. This error occurred after I added unauthorizedUrl=/adminAuthPage.xhtml. If there is any mistake in the code, please suggest.

What about making a single unauthorized page that acts like an entry point? Then, on this page, redirect to the required pages.
403.jsp

    <shiro:hasRole name="admin">
    <c:redirect url="adminAuthPage.xhtml"/>
    </shiro:hasRole>
    <shiro:hasRole name="user">
    <c:redirect url="abortPage.xhtml"/>
    </shiro:hasRole>

Or better, if you just want admin to have another page, then:

    <shiro:hasRole name="admin">
    <c:redirect url="adminAuthPage.xhtml"/>
    </shiro:hasRole>
    <shiro:lacksRole name="admin">
    <c:redirect url="abortPage.xhtml"/>
    </shiro:lacksRole>
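
A configuration-only alternative to the redirect page above, as an added example that is not part of the original question or answer: Shiro's role filter exposes unauthorizedUrl as a property set in [main], so a separate filter instance per role can carry its own redirect target. The filter names adminRoles and userRoles are hypothetical, and the single catch-all rule is an assumption.

```ini
# Added example (not from the original posts).
# adminRoles / userRoles are hypothetical filter names chosen for this sketch.

[main]
authc1 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc1.loginUrl = /login.xhtml
authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
authc2.loginUrl = /secLoginPage.xhtml

# One RolesAuthorizationFilter instance per redirect target.
# unauthorizedUrl is a bean property of the filter, so it is set here in
# [main], not inside the [...] brackets of a chain definition.
adminRoles = org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
adminRoles.unauthorizedUrl = /adminAuthPage.xhtml
userRoles = org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
userRoles.unauthorizedUrl = /abortPage.xhtml

[urls]
/login.xhtml = authc1
/secLoginPage.xhtml = authc2

# Before (from the question): the bracket text is split on commas into role
# names, so "unauthorizedUrl=/adminAuthPage.xhtml" is checked as a second
# required role name. With no unauthorizedUrl set on the filter, an
# authenticated user who fails the role check gets HTTP 401.
# /testapp/** = authc1, roles[admin,unauthorizedUrl=/adminAuthPage.xhtml]

# After: the brackets carry only role names.
/testapp/** = authc1, adminRoles[admin]
/userfld/** = authc2, userRoles[user]

# Assumption: one catch-all rule; chains are evaluated first match wins.
/** = authc1
```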