Peter Bočák created SHIRO-411:
---------------------------------
Summary: Authentication not required for welcom-files in web.xml
Key: SHIRO-411
URL: https://issues.apache.org/jira/browse/SHIRO-411
Project: Shiro
Issue Type: Bug
Components: Authorization (access control) , Realms , Web
Affects Versions: 1.2.1
Environment: Win 7, Glassfish 3.1.2.2
Reporter: Peter Bočák
Priority: Minor
Sample CAS server configuration as it was described in
http://shiro.apache.org/cas.html (Complete configuration sample) not require
authentication for welcome files defined in web.xml.
INI configuration [urls]:
/shiro-cas = casFilter
/protected/** = roles[ROLE_USER]
/** = anon
web.xml:
<welcome-file-list>
<welcome-file>protected/index.xhtml</welcome-file>
</welcome-file-list>
When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro
correctly redirects me to CAS server for authentication.
But if I access localhost:8080/shiro-cas/, application redirects me to
specified welcome file /protected/index.xhtml without authentication.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
