The URLs are just ANT paths: https://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/AntPathMatcher.html
So something like this should work: [urls] /index* = ssl, authBasic On Wed, Nov 2, 2016 at 11:30 AM, Björn Raupach <[email protected]> wrote: > Hello group, > > is there any support for filtering urls without looking at the extension? > Maybe we have overlooked it. > > In our use case we work with JavaServer Faces (JSF). In web.xml we map the > JSF servlet to .jsf. > > An example shiro.ini: > > [urls] > /index.jsf = ssl, authBasic > > You can bypass the JSF servlet *and* the Shiro Filter by requesting > /index.xhtml. > > The requesting party only gets the xhtml page, with all the JSF spaghetti > included, but it won’t be processed. > > It would be nice to declare /index = ssl, authBasic regardless of the > extension. > > Another option is a deny filter so I could have /index.xhtml = deny for > example. > > Any thoughts on this? > > /Björn
