Re: Shiro integration with Spring Boot and filter chain ordering.

Thu, 23 Oct 2014 03:34:28 -0700 

this suggests it is a matching, not ordering, issue. will dropping the
trailing slash on anon health path help?

factory.setFilterChainDefinitions(
                         "/manage/health=anon\n” +
                         "/manage/**=authc\n");

On 23 October 2014 10:49, Richard Adams <[email protected]> wrote:

> Hi Dominic
>  Thanks for the suggestion, I tried this but still the /manage/health/ URL
> is asking for a login. If I add all the endpoints explicitly it works fine,
> using either String or Map based configuration.
> E.g.,
> factory.setFilterChainDefinitions(
>                      "/manage/health/=anon\n"+
>                          "/manage/metrics/**=authc\n"+
>                          "/manage/beans/**=authc\n"+
>                          "/manage/trace/**=authc\n"+
>                          "/manage/mappings/**=authc\n"+
>                          "/manage/dump/**=authc\n"+
>                          "/manage/autoconfig/**=authc\n"+
>                          "/manage/env/**=authc\n"+
>                          "/manage/info/**=authc”);
> .
> Thanks
>  Richard
> > On 23 Oct 2014, at 08:53, Richard Adams <[email protected]>
> wrote:
> >
> > Hi,
> > I’ve been using Shiro quite happlly for some years now in an existing
> project. Recently I started a new project using Spring Boot, and wanted to
> use Shiro rather than learn Spring Security, which is the ‘default’
> security option in Spring Boot..
> >
> > The configuration is pure Java and it took a little while to get set up,
> but I’ve documented my experiences in a blog post in case it’s useful to
> others:
> >
> >
> http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html
> >
> > One problem I’ve not been able to fix is the ordering of filter chain
> definitions.
> > public ShiroFilterFactoryBean shiroFilter (){
> > ShiroFilterFactoryBean factory =  new ShiroFilterFactoryBean ();
> > ……..
> > factory.setFilterChainDefinitions(
> >                        "/manage/health/=anon\n” +
> >                        "/manage/**=authc\n”
> >                           );
> > …..
> > }
> >
> > For example, I’d like to make /manage/health to allow anonymous access,
> but all other URLS under manage/ to require authentication.
> > This type of approach works fine using XML configuration in my old
> project, but in the new Spring Boot project the '/manage/health‘ URL
> triggers the authentication filter. I’ve tried to swap them but no success.
> Does anyone have any suggestions on how to configure the ordering properly
> using Java rather than .ini or XML config?
> >
> > Thanks
> >  Richard
> >
> >
> > Richard Adams
> > [email protected]
> >
> >
> >
> >
>
> Richard Adams
> [email protected]
>
>
>
>
>

Reply via email to