Markus W Mahlberg created SHIRO-523:
---------------------------------------

             Summary: Create annotation which allows access for both Guests and users.
                 Key: SHIRO-523
                 URL: https://issues.apache.org/jira/browse/SHIRO-523
             Project: Shiro
          Issue Type: New Feature
          Components: Authentication (log-in), Authorization (access control), Configuration
    Affects Versions: 1.2.3
         Environment: shiro-web with shiro-aop
            Reporter: Markus W Mahlberg


At the moment, it is necessary to have the anonymous filter explicitly 
configured for a URL.

There is no annotation for marking publicly available methods.

This way, it is not possible to do an annotation-only configuration of methods. 
The optimal solution would be that everything is filtered through an auth 
filter, but methods annotated with @Anonymous, for example, do not lead to a 
redirection to the login URL.

This makes sense in cases where you want to have a default config set in a base 
artifact integrating Shiro and applications using that artifact should be 
enabled to do the actual configuration of which methods are accessible for 
anonymous users.

RequiresGuest is not sufficient, as it will deny access to authenticated users.

The lack of this feature makes it very hard to incorporate Shiro into a web 
framework providing a sane default configuration (filter everything through 
authc/authc_basic) and still let the user decide where to make exemptions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
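
The access semantics requested in the issue above, as an added sketch that is not part of the original report and is not Shiro code. The two annotations are local stand-ins: RequiresGuest models the guest-only behaviour the report describes, and Anonymous is the hypothetical annotation the report proposes; the Endpoints class and its methods are constructed sample input.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;

public class AnonymousAnnotationSketch {

    // Local stand-in modelling guest-only access (not the Shiro class itself).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresGuest {}

    // Hypothetical annotation proposed in the issue: guests AND authenticated users.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Anonymous {}

    enum Decision { ALLOW, DENY, REDIRECT_TO_LOGIN }

    // Constructed sample endpoints.
    static class Endpoints {
        @Anonymous public void landingPage() {}
        @RequiresGuest public void register() {}
        public void accountSettings() {}   // no annotation: the default applies
    }

    /** Default is "authentication required"; annotations are the only exemptions. */
    static Decision decide(Method m, boolean authenticated) {
        if (m.isAnnotationPresent(Anonymous.class)) {
            return Decision.ALLOW;                       // public for everyone
        }
        if (m.isAnnotationPresent(RequiresGuest.class)) {
            // Guest-only: an authenticated caller is rejected.
            return authenticated ? Decision.DENY : Decision.ALLOW;
        }
        // Unannotated methods fall through to the authc-style default.
        return authenticated ? Decision.ALLOW : Decision.REDIRECT_TO_LOGIN;
    }

    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"landingPage", "register", "accountSettings"}) {
            Method m = Endpoints.class.getMethod(name);
            System.out.printf("%-16s guest=%-17s user=%s%n", name,
                    decide(m, false), decide(m, true));
        }
    }
}
```

Only the method marked with the proposed annotation is reachable by both kinds of caller, while every unannotated method keeps the default of requiring authentication.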
