[jira] [Commented] (SHIRO-621) REST filter bypassing matched path

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[jira] [Commented] (SHIRO-621) REST filter bypassing matched path

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971281#comment-15971281 ]

Matt Traynham commented on SHIRO-621:

Might be a dupe of SHIRO-579 which is resolved with SHIRO-605.  I'm waiting on it as well :P.

> REST filter bypassing matched path
> ----------------------------------
>                 Key: SHIRO-621
>                 URL: https://issues.apache.org/jira/browse/SHIRO-621
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Guice
>    Affects Versions: 1.4.0-RC2
>         Environment: Google App Engine
>            Reporter: Shilpi Das
>            Assignee: Jared Bunting
> The following filter chains are present in configureShiroWeb() function
> addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X"));
> addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y"));
> When a request is made for an API- example.appspot.com/v1/first/second/third, the first filter is bypassed and the access is granted for a user with permission Y and not with X.
> I am using Shiro 1.4.0-RC2 version and Guice 3.0

This message was sent by Atlassian JIRA