[
https://issues.apache.org/jira/browse/SHIRO-497?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15199597#comment-15199597
]
Mike Richardson commented on SHIRO-497:
---------------------------------------
Agreed, the setFilterChainDefinitionMap method signature should not accept a
Map here, since there is nothing in the Map contract that guarantees order.
As a workaround, users should use a LinkedHashMap, which will iterate in the
order in which the entries were put into the map.
> setFilterChainDefinitionMap accepts Map interface objects, whose
> implementations are mostly unordered
> -----------------------------------------------------------------------------------------------------
>
> Key: SHIRO-497
> URL: https://issues.apache.org/jira/browse/SHIRO-497
> Project: Shiro
> Issue Type: Improvement
> Components: Configuration
> Reporter: Jon Steege
> Priority: Minor
>
> org.apache.shiro.spring.web.ShiroFilterFactoryBean has a method,
> setFilterChainDefinitionMap which accepts Map interface objects. Most Map
> interface objects have no guaranteed order, but the filter chain definitions
> rely heavily on specific ordering for the application of rules.
> For example,
> {code}
> Map<String, String> filterChainDefs = new HashMap<String, String>();
> filterChainDefs.put("/s/test", "authc");
> filterChainDefs.put("/s/**", "anon");
> shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefs);
> {code}
> In this example, this structure is acceptable to the setter on
> shiroFilterFactoryBean, but will non-deterministically allow or deny access
> to /s/test between server restarts.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
