shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-200) Add ability to configure basic authentication for specific HTTP methods
Date Fri, 01 Jul 2016 21:46:10 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15359693#comment-15359693
] 

Brian Demers commented on SHIRO-200:
------------------------------------

[~pledbrook] +1

Do you want to merge it ?

> Add ability to configure basic authentication for specific HTTP methods 
> ------------------------------------------------------------------------
>
>                 Key: SHIRO-200
>                 URL: https://issues.apache.org/jira/browse/SHIRO-200
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authentication (log-in), Web
>    Affects Versions: 1.0.0
>            Reporter: Peter Ledbrook
>              Labels: patch, patch-with-test
>             Fix For: 1.3.0
>
>         Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is applied
to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely
open and only the update methods requiring authentication. Proposed syntax:
> <pre>
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> </pre>
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the class it's
testing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message