Ah yes! I'm sorry I misunderstood you - it wasn't clear to me that you wanted to override a setting for an individual filter (the example you gave showed it as a main property of the ShiroFilterFactoryBean and I guess that threw me off).
Yes, what you have done is the correct thing to do - the defaults filters (with their default settings) are there only as a convenience to those that can use them without config changes. In Spring, you override it by placing a different instance in the map (with the same name as the key), exactly as you have done. Cheers, Les On Fri, Mar 15, 2013 at 6:03 AM, Richard Adams <[email protected]> wrote: > OK, I've figured this out now - > 1) Add spring util namespace to the file > 2) Override the instance with your own bean, using as a key the name of the > filter (ssl, anon, etc): > <util:map> > <!-- Overrides default sslFilter to better handle > enablement/disablement --> > <entry key="ssl" value-ref="ssl2"/> > </util:map> > > <bean id="ssl2" > class="com.axiope.webapp.filter.ShiroSslFilterMavenAgnostic"> > <property name="enabledOverride" value="${ssl.enabled}"/> > </bean> > In our case, we overrode the SslFilter to better handle input to the > setEnabled() method - we're using Maven resource filtering, which doesn't > work with jetty, > so needed to handle the case where 'value' is an unresolved variable like > ${ssl.enabled}. But of course you can just use Shiro's Ssl filter here too. > > Hope this thread is useful to someone at some point. > > Richard > > On 14 Mar 2013, at 17:42, Richard Adams wrote: > >> Hello, >> We're making our Spring -MVC based web app run over Https, and use Shiro >> pretty much out of the box. We're using Spring 3.2. >> We've got some teething troubles getting it https set up on our server so >> I'd like to 'eliminate from our enquiries' our Shiro config - there's >> excellent docs on the shiro.ini file but for Spring XML based config it's a >> little more sparse. >> >> Specifically, >> 1) Is the setup below the correct way to add the 'ssl.enabled' property to >> the config files? >> 2) How do we ensure that the /login URL works over HTTPS? Do we just add >> it to the list of filterChainDefinitions, or does it need some special >> treatment, or does Shiro automatically used ssl if possible? >> >> E.g., >> >> <bean id="shiroFilter" >> class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> >> <property name="securityManager" ref="securityManager"/> >> <!-- override these for application-specific URLs if you like:--> >> >> <property name="loginUrl" value="/login"/> >> <property name="successUrl" value="/notebook"/> >> <property name="unauthorizedUrl" value="login?error=true"/> >> <property name="ssl.enabled" value="false"/> >> <!-- The 'filters' property is not necessary since any declared >> javax.servlet.Filter bean --> >> <!-- defined will be automatically acquired and available via its >> beanName in chain --> >> <!-- definitions, but you can perform instance overrides or name >> aliases here if you like: --> >> <!-- <property name="filters"> >> <util:map> >> <entry key="anAlias" value-ref="someFilter"/> >> </util:map> >> </property> --> >> <property name="filterChainDefinitions"> >> <value> >> # some example chain definitions: >> /images/**=anon >> /videos/**=anon >> /styles/**=anon >> /scripts/**=anon >> /admin/** = authc,ssl >> /signup/** = anon >> /** = authc,ssl >> # more URL-to-FilterChain definitions here >> </value> >> </property> >> </bean> >> >> >> Many thanks >> >> Richard >> >> Richard Adams >> [email protected] >> >> >> >> > > Richard Adams > [email protected] > > > >
