shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kalle Korhonen <kalle.o.korho...@gmail.com>
Subject Re: Using Shiro with Icefaces.
Date Tue, 05 Oct 2010 14:58:34 GMT
On Tue, Oct 5, 2010 at 2:23 AM, pkerrigan <pkerrigan@hp.com> wrote:
> My working example program had a public home page and a secure area, but I
> want to restrict access to ALL pages in my Icefaces application. To do this
> I added /** = authc to the url section as shown below.
> When I do this to my working example program it stops working in the same
> way as with the Icefaces webapp, even though I have added the /login.jsp =
> authc line.
> What is the correct way to restrict access to all pages?

"Correct" way is up to you. Nothing wrong with /** - that's pretty
secure, but then you need to "poke holes" through it. Specify
something like:
/loginpost.url = anon
(see http://incubator.apache.org/shiro/web.html) to make specific urls
available to all users (including anonymous users) before /** = authc
line (only authenticated users can access any url).

Kalle


>               [filters]
>                authc.loginUrl = /login.jsp
>                roles.unauthorizedUrl = /unauthorized.jsp
>
>                [urls]
>                /login.jsp = authc
>                /secure/** = authc, roles[user]
>                /admin/** = authc, roles[admin]
>                /** = authc
>
>
> -----
> regards,
> Philip Kerrigan
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Using-Shiro-with-Icefaces-tp5600653p5602443.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Mime
View raw message