shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felipe Jaekel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-411) Authentication not required for welcome-files in web.xml
Date Wed, 08 May 2013 14:49:17 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13651947#comment-13651947
] 

Felipe Jaekel commented on SHIRO-411:
-------------------------------------

After my previous post I ended up with a similar workaround:

<%@ page session="false" %>

<%	response.sendRedirect("page/restricted.jsf"); %>


And I have declared Shiro Filter this way:

	<filter>
		<filter-name>ShiroFilter</filter-name>
		<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>ShiroFilter</filter-name>
		<url-pattern>/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>INCLUDE</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>


So I still consider its a bug.

Thanks,
Phillip
                
> Authentication not required for welcome-files in web.xml
> --------------------------------------------------------
>
>                 Key: SHIRO-411
>                 URL: https://issues.apache.org/jira/browse/SHIRO-411
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authorization (access control) , Realms , Web
>    Affects Versions: 1.2.1
>         Environment: Win 7, Glassfish 3.1.2.2 or Tomcat 7
>            Reporter: Peter Bočák
>              Labels: cas
>
> Sample CAS server configuration as it was described in http://shiro.apache.org/cas.html
(Complete configuration sample) doesn't require authentication for welcome files defined in
web.xml.
> INI configuration [urls]:
>     /shiro-cas = casFilter
>     /protected/** = roles[ROLE_USER]
>     /** = anon
> web.xml:
>    <welcome-file-list>
>         <welcome-file>protected/index.xhtml</welcome-file>
>     </welcome-file-list>
> When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro correctly redirects
me to CAS server for authentication.
> But if I access localhost:8080/shiro-cas/, application redirects me to specified welcome
file /protected/index.xhtml without authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message