Ignore me. Your configuration should work. Here is an example project that uses two types of authentication, of which one is basic auth.

https://github.com/dominicfarr/skybird-shiro

Authenticating with either allows access to the other and vice versa.

On 3 March 2014 08:07, Dominic Farr <[email protected]> wrote:

> I think your problem is that basic authentication isn't stored in a
> session or session identifier, and therefore Shiro isn't aware of it in the
> same way CAS or authC filter is.
>
> Why not proxy your web calls to your API behind a URL that needs casFilter?
>
> -d
>
> On 3 March 2014 07:37, skybird <[email protected]> wrote:
>
>> I have a web application that has some web services and some account
>> pages. When protected account pages are accessed it authenticates
>> against CAS. That works fine.
>>
>> If a webservice is invoked by the same application the rest service
>> should not need authentication any more. However rest services are also
>> exposed and I want authcBasic enabled on them if the client is not my
>> own web app. So my question is how do I configure the /rest/** url so
>> that it does not ask for authentication if it is being called from an
>> authenticated CAS user but prompt for basic auth if the client is not
>> my web app?
>>
>> Here's my Shiro urls section config:
>>
>> [urls]
>> /shiro-cas = casFilter
>> /account/** = roles[ROLE_USER]
>> /rest/** = authcBasic
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/authcBasic-with-shiro-cas-tp7579708.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
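
Added example, not part of the thread and not Shiro's own code: a simplified Python model of why the `[urls]` section quoted above can serve both kinds of client, assuming authcBasic admits a subject that is already authenticated in the session and otherwise answers with a Basic challenge. The names `chain_for` and `authc_basic`, the credentials and the realm value are constructed for illustration.

```python
import base64
import hmac
from fnmatch import fnmatchcase

# [urls] section from the thread; the first matching pattern decides.
URLS = [
    ("/shiro-cas", "casFilter"),
    ("/account/**", "roles[ROLE_USER]"),
    ("/rest/**", "authcBasic"),
]
USERS = {"apiclient": "s3cret"}  # constructed credentials for this example


def chain_for(path):
    """Return the filter mapped to path, or None when no pattern matches."""
    for pattern, flt in URLS:
        # Approximate Ant-style '/**' with fnmatch, whose '*' also spans '/'.
        if fnmatchcase(path, pattern.replace("/**", "/*")):
            return flt
    return None


def authc_basic(session_authenticated, authorization=None):
    """Model the authcBasic decision; returns (status, response headers)."""
    if session_authenticated:  # subject already logged in, e.g. through CAS
        return 200, {}
    if authorization and authorization.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(authorization[6:]).decode()
        except ValueError:  # bad base64 or non-UTF-8 bytes
            decoded = ""
        user, _, password = decoded.partition(":")
        expected = USERS.get(user)
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            return 200, {}
    # No session and no valid credentials: challenge the client.
    return 401, {"WWW-Authenticate": 'Basic realm="example"'}  # illustrative value
```

The session shortcut only helps when the REST call carries the session cookie established by the CAS login, as a browser-originated call does; a server-side HTTP call from the application to its own `/rest/**` endpoint arrives without it and is challenged like any external client.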
