shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Barry Knapp (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-521) Allow specific permissions for wsdl / wadl & xsd
Date Fri, 10 Oct 2014 13:16:34 GMT
Barry Knapp created SHIRO-521:
---------------------------------

             Summary: Allow specific permissions for wsdl / wadl & xsd
                 Key: SHIRO-521
                 URL: https://issues.apache.org/jira/browse/SHIRO-521
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.2.2, 2.0.0
            Reporter: Barry Knapp
            Priority: Minor


ShiroFilterFactoryBean should have a setFilterChainResolver to allow overriding the PathMatchingFilterChainResolver
being created in the createInstance method.

I would like to allow wsdl, wadls and xsds for anon while the same URI

<bean id="shiroFilter" class="com.railinc.shiro.spring.web.ShiroFilterFactoryBean">
	    <property name="securityManager" ref="securityManager"/>
            <property name="pathWithParamMatchingFilterChainResolver " ref="pathWithParamMatchingFilterChainResolver
"
	    <property name="filterChainDefinitions">
	        <value>
	        <!-- allow access to wsdls, wadls and schemas -->
	            /services/validation/r2009v1?_wadl = noSessionCreation, anon
   	            /services/soap/equipmentValidationService/r2009v1?wsdl = noSessionCreation,
anon
   	            <!-- replace = in the path with ? for the pattern matcher -->
   	            /services/soap/equipmentValidationService/r2009v1?xsd?../schemas/ExampleEquipmentValidation.xsd
= noSessionCreation, anon
   	            /services/soap/equipmentValidationService/r2009v1?xsd?./bindingMapping.xsd
= noSessionCreation, anon
   	            /services/soap/equipmentValidationService/r2009v1?xsd?./ExampleRailincEquipment.xsd
= noSessionCreation, anon        	
	        	/** = noSessionCreation, authcBasic
	        </value>
	    </property>
	</bean>



Then I could extend PathMatchingFilterChainResolver as such

public class PathWithParamMatchingFilterChainResolver extends PathMatchingFilterChainResolver
{
	
	@Override
	protected String getPathWithinApplication(ServletRequest request) {
		HttpServletRequest httpReq =WebUtils.toHttp(request);
		StringBuilder completeURI = new StringBuilder();
		completeURI.append( WebUtils.getPathWithinApplication(httpReq));
		String queryStr = httpReq.getQueryString();
		if(!StringUtils.isEmpty(queryStr)){
			completeURI.append("?");
			completeURI.append(queryStr);
		}
		return completeURI.toString();
	}
}





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message