[ https://issues.apache.org/jira/browse/AURORA-1576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Amol Deshmukh reassigned AURORA-1576: ------------------------------------- Assignee: Amol Deshmukh > Allow for plugging in cli-configurable filters that are invoked post shiro > filters. > ----------------------------------------------------------------------------------- > > Key: AURORA-1576 > URL: https://issues.apache.org/jira/browse/AURORA-1576 > Project: Aurora > Issue Type: Task > Reporter: Amol Deshmukh > Assignee: Amol Deshmukh > > Currently, the command line option {{shiro_realm_modules}} allows plugging in > custom modules that can extend/configure the http security functionality. > However, loading such modules from within a {{ShiroWebModule}} prevents > plugging in a Guice module that extends {{ServletModule}} due to a Guice > limitation ^✝^. This makes it impossible to register a custom filter ^✝✝^ > that intercepts the request post the shiro filter chain via the > shiro_realm_modules hook. > ✝ ~HttpSecurityModule is a ServletModule which loads the shiro_real_modules > via ShiroWebModule which is a PrivateModule. While Guice allows registering > nested ServletModules, it does not allow registering nested ServletModules > via an intervening PrivateModule. A similar issue has been reported as [Guice > issue #639|https://github.com/google/guice/issues/639].~ > ✝✝ ~Such a filter may be used, for example, to implement a delegation > mechanism by inspecting custom headers in the request.~ -- This message was sent by Atlassian JIRA (v6.3.4#6332)