shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-579) Permission filter is validating last matched path
Date Mon, 10 Oct 2016 19:01:20 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15563162#comment-15563162
] 

Brian Demers commented on SHIRO-579:
------------------------------------

[~kushmanjali@gmail.com] 

This is the first I've heard of this type of issue.  I know there are a few _problems_ when
using Guice 4.x with Shiro.  Specifically around the API change in Guice 4 with key types.
(are you running with any patches?)

I put a pull request together (WIP), but if you want to test that out, let me know. 

> Permission filter is validating last matched path
> -------------------------------------------------
>
>                 Key: SHIRO-579
>                 URL: https://issues.apache.org/jira/browse/SHIRO-579
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Guice
>    Affects Versions: 1.3.0
>         Environment: Google App Engine
>            Reporter: Kusmanjali
>            Assignee: Jared Bunting
>            Priority: Blocker
>
> Following filter chain is present in configureShiroWeb() function 
> addFilterChain("/**/first/second/**", AUTHC_BASIC, config(PERMS, "X:create"));
> addFilterChain("/**/first/**", AUTHC_BASIC, config(PERMS, "Y:create"));
> for a URL : example.appspot.com/_ah/api/hello/v1/first/second/third the access is granted
for a user with permission Y:create and not with X:create.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message