Shilpi Das created SHIRO-621: -------------------------------- Summary: REST filter bypassing matched path Key: SHIRO-621 URL: https://issues.apache.org/jira/browse/SHIRO-621 Project: Shiro Issue Type: Bug Components: Integration: Guice Affects Versions: 1.4.0-RC2 Environment: Google App Engine Reporter: Shilpi Das Assignee: Jared Bunting
The following filter chains are present in configureShiroWeb() function addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X")); addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y")); When a request is made for an API- example.appspot.com/v1/first/second/third, the first filter is bypassed and the access is granted for a user with permission Y and not with X. I am using Shiro 1.4.0-RC2 version and Guice 3.0 -- This message was sent by Atlassian JIRA (v6.3.15#6346)