tomsun28 opened a new pull request #201: [SHIRO-742]fix throw exception when 
request uri is /
URL: https://github.com/apache/shiro/pull/201
 
 
   This bug is due to my PR [SHIRO-682 fix the potential threat when use "uri = uri + '/' " to bypassed shiro](https://github.com/apache/shiro/pull/127) in 1.5, sorry.
   
   As in @jaynlau's [comment](https://github.com/apache/shiro/pull/181), below is @jaynlau's report:
   ````
   Can not get the NamedFilterList when request uri is "/".
   
   java.lang.IllegalArgumentException: There is no configured chain under the name/key [].
        at org.apache.shiro.web.filter.mgt.DefaultFilterChainManager.proxy(DefaultFilterChainManager.java:322) ~[shiro-web-1.5.0.jar:1.5.0]
        at org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver.getChain(PathMatchingFilterChainResolver.java:126) ~[shiro-web-1.5.0.jar:1.5.0]
        at org.apache.shiro.web.servlet.AbstractShiroFilter.getExecutionChain(AbstractShiroFilter.java:415) ~[shiro-web-1.5.0.jar:1.5.0]
        at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:448) ~[shiro-web-1.5.0.jar:1.5.0]
        at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.5.0.jar:1.5.0]
        at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.5.0.jar:1.5.0]
        at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.5.0.jar:1.5.0]
        at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) ~[shiro-core-1.5.0.jar:1.5.0]
        at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.5.0.jar:1.5.0]
   
   The value of pathPattern is changed from "/" to "", matching path definition / = user failed.
   Because chainName is "/", not "".
   
   ````
   This PR's solution is to bypass the substring when the request URI and pathPattern are /.
   Please let me know if there is any other better solution,
   thanks @jaynlau ^~^

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
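
The failure in the report above, modelled as an added example (not part of the original message and not Shiro's source code): a resolver that always strips one trailing "/" turns the root pattern into an empty chain name, while a root guard keeps "/" intact and still normalizes "/admin/". The class, method names and chain definitions are hypothetical, and exact string comparison stands in for Ant-style path matching.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model of trailing-slash normalization in a path-matching
// chain resolver. Hypothetical names; not Shiro's implementation.
public class TrailingSlashDemo {
    // Constructed chain definitions, keyed by the pattern as configured.
    static final Map<String, String> CHAINS = new LinkedHashMap<>();
    static {
        CHAINS.put("/", "user");
        CHAINS.put("/admin", "roles[admin]");
    }

    // Behaviour described in the report: always strip one trailing "/".
    static String stripAlways(String p) {
        return p.endsWith("/") ? p.substring(0, p.length() - 1) : p;
    }

    // Guarded variant: leave the root path "/" untouched.
    static String stripExceptRoot(String p) {
        return (!"/".equals(p) && p.endsWith("/")) ? p.substring(0, p.length() - 1) : p;
    }

    static String resolve(String requestUri, boolean guardRoot) {
        String uri = guardRoot ? stripExceptRoot(requestUri) : stripAlways(requestUri);
        for (String configured : CHAINS.keySet()) {
            String pattern = guardRoot ? stripExceptRoot(configured) : stripAlways(configured);
            if (pattern.equals(uri)) {
                // The chain is looked up by the normalized pattern, so "" misses the "/" key.
                String chain = CHAINS.get(pattern);
                if (chain == null) {
                    throw new IllegalArgumentException(
                        "There is no configured chain under the name/key [" + pattern + "].");
                }
                return chain;
            }
        }
        return null; // no chain matched this request
    }

    public static void main(String[] args) {
        for (String uri : new String[] {"/", "/admin", "/admin/"}) {
            for (boolean guard : new boolean[] {false, true}) {
                String result;
                try { result = String.valueOf(resolve(uri, guard)); }
                catch (IllegalArgumentException e) { result = "ERROR: " + e.getMessage(); }
                System.out.printf("uri=%-8s guardRoot=%-5b -> %s%n", uri, guard, result);
            }
        }
    }
}
```

Without the guard, only the "/" request fails with the exception from the report; with it, "/" resolves to its chain and "/admin/" still resolves to the same chain as "/admin", which is the trailing-slash protection the earlier change introduced.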
