shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From skybird <>
Subject authcBasic with shiro-cas
Date Mon, 03 Mar 2014 07:37:40 GMT
I have a web application that has some web services and some account pages. 
When protected account pages are accessed it authenticates against CAS. That
works fine.

If a webservice is invoked by the same application the rest service should
not need authentication any more. However rest services are also exposed and
I want authcBasic enabled on them if the client is not my own web app. So my
question is how do I configure the /rest/** url so that it does not ask for
authentication if it is being called from an authenticated CAS user but
prompt for basic auth if the client is not my web app?

Heres my shiro urls section config:

/shiro-cas = casFilter
/account/** = roles[ROLE_USER]
/rest/** = authcBasic

View this message in context:
Sent from the Shiro User mailing list archive at

View raw message