Jon Steege created SHIRO-497:
--------------------------------
Summary: setFilterChainDefinitionMap accepts Map interface
objects, whose implementations are mostly unordered
Key: SHIRO-497
URL: https://issues.apache.org/jira/browse/SHIRO-497
Project: Shiro
Issue Type: Improvement
Components: Configuration
Reporter: Jon Steege
Priority: Minor
org.apache.shiro.spring.web.ShiroFilterFactoryBean has a method,
setFilterChainDefinitionMap which accepts Map interface objects. Most Map
interface objects have no guaranteed order, but the filter chain definitions
rely heavily on specific ordering for the application of rules.
For example,
{code}
Map<String, String> filterChainDefs = new LinkedHashMap<String, String>();
filterChainDefs.put("/s/test", "authc");
filterChainDefs.put("/s/**", "anon");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefs);
{code}
In this example, this structure is acceptable to the setter on
shiroFilterFactoryBean, but will non-deterministically allow or deny access to
/s/test between server restarts.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
