Add ability to configure basic authentication for specific HTTP methods
------------------------------------------------------------------------
Key: SHIRO-200
URL: https://issues.apache.org/jira/browse/SHIRO-200
Project: Shiro
Issue Type: Improvement
Components: Authentication (log-in), Web
Affects Versions: 1.0.0
Reporter: Peter Ledbrook
Fix For: 1.1.0
Currently, if one configures the basic authentication filter for a URL, it is
applied to all HTTP methods. However, I'd like the read-only methods (GET,
HEAD) to be completely open and only the update methods requiring
authentication. Proposed syntax:
{code}
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
{code}
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the
class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
