[
https://issues.apache.org/jira/browse/SHIRO-579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417851#comment-15417851
]
Kusmanjali commented on SHIRO-579:
----------------------------------
Following are guice related dependencies
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
<version>4.0</version>
<classifier>no_aop</classifier>
</dependency>
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-servlet</artifactId>
<version>4.0</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>16.0.1</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-guice</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-multibindings</artifactId>
<version>4.0</version>
</dependency>
> Permission filter is validating last matched path
> -------------------------------------------------
>
> Key: SHIRO-579
> URL: https://issues.apache.org/jira/browse/SHIRO-579
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Guice
> Affects Versions: 1.3.0
> Environment: Google App Engine
> Reporter: Kusmanjali
> Assignee: Jared Bunting
> Priority: Blocker
>
> Following filter chain is present in configureShiroWeb() function
> addFilterChain("/**/first/second/**", AUTHC_BASIC, config(PERMS, "X:create"));
> addFilterChain("/**/first/**", AUTHC_BASIC, config(PERMS, "Y:create"));
> for a URL : example.appspot.com/_ah/api/hello/v1/first/second/third the
> access is granted for a user with permission Y:create and not with X:create.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
