Home/ Questions/Q 7812371
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T04:28:58+00:00

I would like to be able to log the requests that my app receives

  • 0

I would like to be able to log the requests that my app receives that are unauthorized. Because the Shiro plugin uses an HTTP redirect to send the user to auth/unauthorized the request object is a fresh one and I can’t get the original URL; controller/action name; or request parameters from it.

Is there a way to determine either the original url, or the controller and action names (and request params if possible) inside the AuthController unauthorized action?

I am looking at http://plugins.grails.org/grails-shiro/tags/RELEASE_1_1_3/ShiroGrailsPlugin.groovy as a reference of the plugin source.

Details:
Grails 1.3.7
Shiro Grails plugin 1.1.3

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I had the same problem… my solution is not perfect:

    a browser sends the so called referer in one of the headers which you can get through

    request?.getHeader('Referer')

    But the referer is nothing you really can rely on — but most of the browsers send it.

    Another solution could be the filter: try to write the current url to another variable before you call accessControl() in ShiroSecurityFilters.groovy. You can get the current URL through request.forwardURI.

    Update: just verified my last assumption – this seems the cleanest solution to me:

    In ShiroSecurityFilters.groovy, replace

                // Access control by convention.
            accessControl()

    with

                // Access control by convention.
            if (!accessControl()) {
                session.deniedUrl = request.forwardURI
                return false
            }

    which enables you to access the url as session.deniedUrl in your auth/unauthorized controller.

    • 0