[
https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers updated SHIRO-200:
-------------------------------
Labels: patch patch-with-test (was: )
> Add ability to configure basic authentication for specific HTTP methods
> ------------------------------------------------------------------------
>
> Key: SHIRO-200
> URL: https://issues.apache.org/jira/browse/SHIRO-200
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Web
> Affects Versions: 1.0.0
> Reporter: Peter Ledbrook
> Labels: patch, patch-with-test
> Fix For: 1.3.0
>
> Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is
> applied to all HTTP methods. However, I'd like the read-only methods (GET,
> HEAD) to be completely open and only the update methods requiring
> authentication. Proposed syntax:
> <pre>
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> </pre>
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the
> class it's testing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
