[jira] [Updated] (SHIRO-411) Authentication not required for welcom-files in web.xml

Tue, 15 Jan 2013 06:00:21 -0800 

     [ 
https://issues.apache.org/jira/browse/SHIRO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Peter Bočák updated SHIRO-411:
------------------------------

    Description: 
Sample CAS server configuration as it was described in 
http://shiro.apache.org/cas.html (Complete configuration sample) doesn't 
require authentication for welcome files defined in web.xml.

INI configuration [urls]:
    /shiro-cas = casFilter
    /protected/** = roles[ROLE_USER]
    /** = anon

web.xml:
   <welcome-file-list>
        <welcome-file>protected/index.xhtml</welcome-file>
    </welcome-file-list>

When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro 
correctly redirects me to CAS server for authentication.
But if I access localhost:8080/shiro-cas/, application redirects me to 
specified welcome file /protected/index.xhtml without authentication.

  was:
Sample CAS server configuration as it was described in 
http://shiro.apache.org/cas.html (Complete configuration sample) not require 
authentication for welcome files defined in web.xml.

INI configuration [urls]:
    /shiro-cas = casFilter
    /protected/** = roles[ROLE_USER]
    /** = anon

web.xml:
   <welcome-file-list>
        <welcome-file>protected/index.xhtml</welcome-file>
    </welcome-file-list>

When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro 
correctly redirects me to CAS server for authentication.
But if I access localhost:8080/shiro-cas/, application redirects me to 
specified welcome file /protected/index.xhtml without authentication.

    
> Authentication not required for welcom-files in web.xml
> -------------------------------------------------------
>
>                 Key: SHIRO-411
>                 URL: https://issues.apache.org/jira/browse/SHIRO-411
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authorization (access control) , Realms , Web
>    Affects Versions: 1.2.1
>         Environment: Win 7, Glassfish 3.1.2.2
>            Reporter: Peter Bočák
>            Priority: Minor
>              Labels: cas
>
> Sample CAS server configuration as it was described in 
> http://shiro.apache.org/cas.html (Complete configuration sample) doesn't 
> require authentication for welcome files defined in web.xml.
> INI configuration [urls]:
>     /shiro-cas = casFilter
>     /protected/** = roles[ROLE_USER]
>     /** = anon
> web.xml:
>    <welcome-file-list>
>         <welcome-file>protected/index.xhtml</welcome-file>
>     </welcome-file-list>
> When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro 
> correctly redirects me to CAS server for authentication.
> But if I access localhost:8080/shiro-cas/, application redirects me to 
> specified welcome file /protected/index.xhtml without authentication.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to