Barry Knapp created SHIRO-521:
---------------------------------

             Summary: Allow specific permissions for wsdl / wadl & xsd
                 Key: SHIRO-521
                 URL: https://issues.apache.org/jira/browse/SHIRO-521
             Project: Shiro
          Issue Type: Bug
          Components: Web
    Affects Versions: 1.2.2, 2.0.0
            Reporter: Barry Knapp
            Priority: Minor


ShiroFilterFactoryBean should have a setFilterChainResolver to allow overriding 
the PathMatchingFilterChainResolver being created in the createInstance method.

I would like to allow wsdl, wadls and xsds for anon while the same URI

<bean id="shiroFilter" class="com.railinc.shiro.spring.web.ShiroFilterFactoryBean">
    <property name="securityManager" ref="securityManager"/>
    <property name="pathWithParamMatchingFilterChainResolver" ref="pathWithParamMatchingFilterChainResolver"/>
    <property name="filterChainDefinitions">
        <value>
            <!-- allow access to wsdls, wadls and schemas -->
            /services/validation/r2009v1?_wadl = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?wsdl = noSessionCreation, anon
            <!-- replace = in the path with ? for the pattern matcher -->
            /services/soap/equipmentValidationService/r2009v1?xsd?../schemas/ExampleEquipmentValidation.xsd = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?xsd?./bindingMapping.xsd = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?xsd?./ExampleRailincEquipment.xsd = noSessionCreation, anon
            /** = noSessionCreation, authcBasic
        </value>
    </property>
</bean>



Then I could extend PathMatchingFilterChainResolver as such

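import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringUtils; // assumed: the report does not say which StringUtils is used
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.util.WebUtils;

public class PathWithParamMatchingFilterChainResolver extends PathMatchingFilterChainResolver {

    // Return the path within the application with the raw query string appended,
    // so that filter chain patterns can match on the query part as well.
    @Override
    protected String getPathWithinApplication(ServletRequest request) {
        HttpServletRequest httpReq = WebUtils.toHttp(request);
        StringBuilder completeURI = new StringBuilder();
        completeURI.append(WebUtils.getPathWithinApplication(httpReq));
        String queryStr = httpReq.getQueryString(); // null when the request has no query string
        if (!StringUtils.isEmpty(queryStr)) {
            completeURI.append("?");
            completeURI.append(queryStr);
        }
        return completeURI.toString();
    }
}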
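
An added example, not part of the original report or of Shiro's own code: it runs patterns from the report through Shiro's `AntPathMatcher` against constructed path-plus-query strings, to show which chain each request would select once the query string is part of the matched value. The class name `QueryStringChainCheck` and the `resolve` helper are hypothetical, and shiro-core is assumed to be on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

/** Added illustration; class and method names are hypothetical. */
public class QueryStringChainCheck {

    private static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** Walk the chains in declaration order; the first matching pattern wins. */
    static String resolve(Map<String, String> chains, String pathWithQuery) {
        for (Map.Entry<String, String> e : chains.entrySet()) {
            if (MATCHER.match(e.getKey(), pathWithQuery)) {
                return e.getValue();
            }
        }
        return "(no chain)";
    }

    public static void main(String[] args) {
        // Patterns taken from the report, in declaration order.
        Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/services/validation/r2009v1?_wadl", "noSessionCreation, anon");
        chains.put("/services/soap/equipmentValidationService/r2009v1?wsdl", "noSessionCreation, anon");
        chains.put("/services/soap/equipmentValidationService/r2009v1?xsd?./bindingMapping.xsd",
                "noSessionCreation, anon");
        chains.put("/**", "noSessionCreation, authcBasic");

        // Constructed inputs: path + "?" + query, in the form the overridden method returns.
        String[] requests = {
            "/services/validation/r2009v1?_wadl",
            "/services/soap/equipmentValidationService/r2009v1?wsdl",
            "/services/soap/equipmentValidationService/r2009v1?xsd=./bindingMapping.xsd",
            "/services/soap/equipmentValidationService/r2009v1?wsdl&x=1", // extra parameter
            "/services/soap/equipmentValidationService/r2009v1",          // no query string
            "/services/validation/r2009v1X_wadl",                          // no query string at all
        };
        for (String r : requests) {
            System.out.printf("%-80s -> %s%n", r, resolve(chains, r));
        }
    }
}
```

An exact query string selects the anon chain and any other query string falls through to `/**`. Because `?` in an Ant pattern matches any single character rather than only a literal question mark, the last request also selects the anon chain, so each such pattern is wider than the one URL it was written for.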




