This web application works with Shiro and JSF. I added PrimeFaces and I am having login redirect issues.
Expected Behaviour:
- Navigate to url that needs authc
- Redirected to login page
- login redirected back to the original page
Behaviour with PrimeFaces:
- Navigate to url that needs authc
- Redirected to login page
- after login redirected to javax.faces.resource/theme.css?ln=primefaces-aristo
I log in a user by catching the request params in my shiro.ini file:
```ini
# name of request parameter with username; if not present filter assumes 'username'
authc.usernameParam = login:username
# name of request parameter with password; if not present filter assumes 'password'
authc.passwordParam = login:password
# does the user wish to be remembered?; if not present filter assumes 'rememberMe'
authc.rememberMeParam = login:remembered
```
I modified this to instead use a PassThruAuthenticationFilter, and the login request is processed by my Bean, but this still produces the same error. Bean login method:
```java
// Authenticate the submitted credentials against the configured realm
AuthenticationToken token = new UsernamePasswordToken(username, password);
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);
// Fetch the raw servlet request/response from the JSF external context
ServletRequest request = (ServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
ServletResponse response = (ServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
// Redirect to the request Shiro saved before the login page, or to index.xhtml if none was saved
WebUtils.redirectToSavedRequest(request, response, "index.xhtml");
```
My login Bean is @RequestScoped
The root cause of this problem was having all my views in the same directory. I had configured Shiro to require authentication for everything in the root directory:
```
/*
```
The reason the login page was displayed is because it is a ‘special’ case: it is defined as the login page in the Shiro config. After loading this page the browser made additional requests for the CSS and JS files, which is why there was no theme on this page.
Given the behaviour of
```java
WebUtils.redirectToSavedRequest(request, response, "index.xhtml");
```
it appears that Shiro simply saves the last request received that isn’t the login page.
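
The exemption this diagnosis points to, as an added shiro.ini sketch that is not part of the original post. The login view name and the exact form of the catch-all rule are assumptions; the `anon` and `authc` filters and first-match-wins ordering in `[urls]` are standard Shiro behaviour.

```ini
[main]
# Assumed login view name. Shiro lets requests for the loginUrl itself
# through the authc filter, which is why the page rendered at all.
authc.loginUrl = /login.xhtml

[urls]
# Before (assumed form of the rule described above): a catch-all on its own.
# The theme CSS/JS requested by the login page are denied as well, and each
# denied request replaces the saved request in the session, so the last
# stylesheet becomes the post-login redirect target.
# /** = authc

# After: [urls] rules are evaluated top to bottom and the first match wins,
# so the JSF resource handler path must be listed ahead of the catch-all.
/javax.faces.resource/** = anon
/** = authc
```

Everything served through the JSF resource handler becomes reachable without a session under this rule, so only static assets belong in the webapp's resource libraries.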