[
https://issues.apache.org/jira/browse/SHIRO-621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971281#comment-15971281
]
Matt Traynham commented on SHIRO-621:
-------------------------------------
Might be a dupe of SHIRO-579 which is resolved with SHIRO-605. I'm waiting on
it as well :P.
> REST filter bypassing matched path
> ----------------------------------
>
> Key: SHIRO-621
> URL: https://issues.apache.org/jira/browse/SHIRO-621
> Project: Shiro
> Issue Type: Bug
> Components: Integration: Guice
> Affects Versions: 1.4.0-RC2
> Environment: Google App Engine
> Reporter: Shilpi Das
> Assignee: Jared Bunting
>
> The following filter chains are present in configureShiroWeb() function
> addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC),
> filterConfig(REST, "X"));
> addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST,
> "Y"));
> When a request is made for an API- example.appspot.com/v1/first/second/third,
> the first filter is bypassed and the access is granted for a user with
> permission Y and not with X.
> I am using Shiro 1.4.0-RC2 version and Guice 3.0
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
