[jira] [Commented] (SHIRO-591) Basic Auth Filter permissive mode does NOT work

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SHIRO-591) Basic Auth Filter permissive mode does NOT work

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16219427#comment-16219427 ]

Marco Descher commented on SHIRO-591:
-------------------------------------

For the sake of reference :)

Does NOT work

HttpAuthenticationFeature feature = HttpAuthenticationFeature.universalBuilder()
                        .credentials("esadmin", AllTestsSuite.ADMIN_TEST_PASSWORD).build();
client.register(feature)

does work

HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("esadmin", AllTestsSuite.ADMIN_TEST_PASSWORD);
                final Client client = ClientBuilder.newClient();
                client.register(feature);

using OSGI Jax RS consumer.

> Basic Auth Filter permissive mode does NOT work
> -----------------------------------------------
>
>                 Key: SHIRO-591
>                 URL: https://issues.apache.org/jira/browse/SHIRO-591
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.3.0, 1.3.1, 1.3.2
>            Reporter: Brian Demers
>              Labels: regresion
>             Fix For: 1.4.0-RC2
>
>
> The fix for SHIRO-200 assumed all filter options were http methods, for example:
> {authcBasic[POST, GET]}
> However, the 'permissive' option is also valid, which instructs the filter to check for authentication, but NOT require it:
> {authcBasic[permissive]}
> Or the two combine in something like:
> authcBasic[permissive,POST, GET]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)