Question:
when I do this:
> [main]
> authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
[snip!]
> [urls]
> /api/** = anon
> /** = authc, role[myapprole]
don't I then use a different filter than PassThruAuthenticationFilter
for /api/?
Can I do this and still use
> Brian Demers :
> You can also use `@RequireRoles("myapprole")` annotation instead of
> the permission one.
> I think the problem you might be running into is the
> `PassThruAuthenticationFilter` doesn't have a "permissive" option, so
> it's likely redirecting on that fitler.
Ok. I can't
You can also use `@RequireRoles("myapprole")` annotation instead of
the permission one.
I think the problem you might be running into is the
`PassThruAuthenticationFilter` doesn't have a "permissive" option, so
it's likely redirecting on that fitler.
To work around this, you could use the form
The 2021 December ASF board report is due tomorrow. I've created an
initial draft here:
https://svn.apache.org/repos/asf/shiro/board/2021-12.txt
Comments, suggestions, and feedback are welcome. Otherwise, it will
be submitted tomorrow.
Thanks to Benjamin (bmarwell) for putting this together!
Side note: shiro-jaxrs and RequiresPermissions annotations may be a way
to accomplish what I want to do.
But what I really wanted was something simpler: avoid 302 redirects for
the part of URL space used by ajax calls (since 302s are handled by the
browser and never reach the ajax code waiting
> Brian Demers :
> This post is a little old (dependency wise), but it should still be accurate.
Hm... I'm on shiro-1.7.0 currently, so the mentioned shiro-jaxrs should be
available...?
(and currently on jersey 1.8.4, if that matters...?)
> See the bit about the "permissive" filter.
>
