shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laurent Cottereau (JIRA)" <>
Subject [jira] [Commented] (SHIRO-409) Need a nossl to match the ssl filter
Date Thu, 21 Feb 2013 11:20:13 GMT


Laurent Cottereau commented on SHIRO-409:

It seems to me that no-ssl allows Session Hijacking as much as ssl-on-login-only. And shiro
does not force a full-ssl configuration today. So it doesn't seem to me that providing a nossl
filter would be worst than today. 

I agree with Kamal Sharif when he explains that certain applications are not that sensitive
such that only the password really needs to be protected.

Thank you guys for all you work and Kamal for sharing your code.
> Need a nossl to match the ssl filter
> ------------------------------------
>                 Key: SHIRO-409
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.1
>         Environment: All
>            Reporter: Kamal Sharif
>            Priority: Critical
>              Labels: features
> One great-but not seemingly too difficult- feature would be a nossl filter to match the
ssl filter. In my website, I only want the login process to be handled over https, but using
ssl filter, the site stays in https since all of the links on those pages will stay relative
to the https url.
> It would be great if a nossl filter exisited that one could define and would switch the
port for the urls defined.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message