During following the tutorials and linked code examples I run into an issue by running an example application which is using Apache Shiro and Jaas for authentication. The source code I currently have troubles with can be found under
https://github.com/peterl1084/cdiexample
. The original code has an issue that you can access views even if you are not logged in (
https://github.com/peterl1084/cdiexample/issues/7
). I could fix this by using an annotation for the views:
@RolesAllowed("user")But after the change the roles of the user does not get updated and all views are hidden / not accessible until I refresh the page. When I’m logging the access to isUserInRole() in class ShiroAccessControl, the roles are only retrieved / checked when the page is loaded, but not when views are changed. Is there a solution to tell the JaasAccessControl to reload the user roles after successful login? Maybe someone ran into the same issue and already has found a fix?
/edit: Found a simple fix by calling Page.getCurrent().reload() after the login.