[jira] [Commented] (SHIRO-411) Authentication not required for welcome-files in web.xml

Wed, 08 May 2013 07:49:18 -0700 

    [ 
https://issues.apache.org/jira/browse/SHIRO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13651947#comment-13651947
 ] 

Felipe Jaekel commented on SHIRO-411:
-------------------------------------

After my previous post I ended up with a similar workaround:

<%@ page session="false" %>

<%      response.sendRedirect("page/restricted.jsf"); %>


And I have declared Shiro Filter this way:

        <filter>
                <filter-name>ShiroFilter</filter-name>
                
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>ShiroFilter</filter-name>
                <url-pattern>/*</url-pattern>
                <dispatcher>FORWARD</dispatcher>
                <dispatcher>REQUEST</dispatcher>
                <dispatcher>INCLUDE</dispatcher>
                <dispatcher>ERROR</dispatcher>
        </filter-mapping>


So I still consider its a bug.

Thanks,
Phillip
                
> Authentication not required for welcome-files in web.xml
> --------------------------------------------------------
>
>                 Key: SHIRO-411
>                 URL: https://issues.apache.org/jira/browse/SHIRO-411
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authorization (access control) , Realms , Web
>    Affects Versions: 1.2.1
>         Environment: Win 7, Glassfish 3.1.2.2 or Tomcat 7
>            Reporter: Peter Bočák
>              Labels: cas
>
> Sample CAS server configuration as it was described in 
> http://shiro.apache.org/cas.html (Complete configuration sample) doesn't 
> require authentication for welcome files defined in web.xml.
> INI configuration [urls]:
>     /shiro-cas = casFilter
>     /protected/** = roles[ROLE_USER]
>     /** = anon
> web.xml:
>    <welcome-file-list>
>         <welcome-file>protected/index.xhtml</welcome-file>
>     </welcome-file-list>
> When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro 
> correctly redirects me to CAS server for authentication.
> But if I access localhost:8080/shiro-cas/, application redirects me to 
> specified welcome file /protected/index.xhtml without authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to