Stock created SHIRO-553:
---------------------------

             Summary: Parsing of roles filter on urls incorrect
                 Key: SHIRO-553
                 URL: https://issues.apache.org/jira/browse/SHIRO-553
             Project: Shiro
          Issue Type: Bug
          Components: Configuration
    Affects Versions: 1.2.4
         Environment: Web application where shiro should authorize a specific 
URL for more than 1 role
            Reporter: Stock


My SHIRO.INI on URLS section:

[urls]
/rest/test/** = authcBasic, roles[admin,normal]

Unfortunately Shiro can't read correctly the array of roles.

I think the bug is in the StringUtils class, in the method: 
public static String[] split(String aLine, char delimiter, char beginQuoteChar, 
char endQuoteChar, boolean retainQuotes, boolean trimTokens)

At line 392 there is an IF statement:

 } else if (c == delimiter && !inQuotes) {

I believe that the NOT in Quotes is wrong because it should read the token if 
it is inQuote.

Furthermore, this method seems to be called with the argument "retainQuotes" set 
to TRUE. I think, for RolesFilter, it should be called with FALSE.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
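
The condition quoted in the report, exercised on the reported `[urls]` value in a simplified stand-alone tokenizer. This is an added example, not Shiro's `StringUtils` code and not part of the original message. The class name, the `splitInsideQuotes` switch and the second pass over the bracket contents are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class QuoteAwareSplitDemo {

    // Simplified quote-aware split (hypothetical stand-in, not Shiro's implementation).
    // splitInsideQuotes=false models `c == delimiter && !inQuotes`;
    // splitInsideQuotes=true models the inverted test proposed in the report.
    static List<String> split(String line, char delimiter, char beginQuote,
                              char endQuote, boolean retainQuotes,
                              boolean splitInsideQuotes) {
        List<String> tokens = new ArrayList<>();
        StringBuilder current = new StringBuilder();
        boolean inQuotes = false;
        for (char c : line.toCharArray()) {
            if (!inQuotes && c == beginQuote) {
                inQuotes = true;
                if (retainQuotes) current.append(c);
            } else if (inQuotes && c == endQuote) {
                inQuotes = false;
                if (retainQuotes) current.append(c);
            } else if (c == delimiter && (splitInsideQuotes ? inQuotes : !inQuotes)) {
                tokens.add(current.toString().trim());
                current.setLength(0);
            } else {
                current.append(c);
            }
        }
        tokens.add(current.toString().trim());
        return tokens;
    }

    public static void main(String[] args) {
        String chain = "authcBasic, roles[admin,normal]"; // value from the report
        // Pass 1: split the chain into filter tokens; '[' and ']' act as quotes.
        List<String> filters = split(chain, ',', '[', ']', true, false);
        System.out.println("!inQuotes : " + String.join(" | ", filters));
        // Same input with the inverted test, for comparison.
        System.out.println("inQuotes  : "
                + String.join(" | ", split(chain, ',', '[', ']', true, true)));
        // Pass 2 (assumed): split the bracket contents of the roles token into role names.
        String roles = filters.get(1);
        String config = roles.substring(roles.indexOf('[') + 1, roles.lastIndexOf(']'));
        System.out.println("roles     : "
                + String.join(" | ", split(config, ',', '"', '"', false, false)));
    }
}
```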
