bdemers commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-622089384
Thanks for following up @boris-petrov!
Re: needing to set the global SecurityManager, often it is used when
creating subjects manually outside of another context like a
mookkiah commented on pull request #57:
URL: https://github.com/apache/shiro/pull/57#issuecomment-622088034
@fpapon Created new PR #219 after resolving merge conflict.
@col-panic I agree that we can block IPs using an infrastructure solution like
nginx. That is an option in our design as
boris-petrov commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-622083516
@fpapon - great, no problem, thanks!
@bdemers - well, I'm doing programmatic configuration (without any `ini`
files) so I have to set the "global" `SecurityManager`,
mookkiah opened a new pull request #219:
URL: https://github.com/apache/shiro/pull/219
Resolved merge conflict from original PR #57 as per @fpapon recommendation.
This is an automated message from the Apache Git Service.
To
fpapon commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621880255
@boris-petrov As we have an open release vote (1.5.3), I will merge your PR
just after, don't worry if it takes 2/3 days ;)
bmhm commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621806190
> @bmhm - yes, there could be a race-condition on updating the variable, but
this is not Shiro's concern, it is the application's. I.e. it is a bug in the
application. But `volatile`
col-panic commented on pull request #57:
URL: https://github.com/apache/shiro/pull/57#issuecomment-621801700
I switched my implementation to be behind an nginx that acts as a reverse
proxy. This allows me to separate these concerns from the filter configuration,
which is now done in nginx.
fpapon commented on pull request #57:
URL: https://github.com/apache/shiro/pull/57#issuecomment-621800188
@mookkiah feel free to resolve the conflict, we will merge it!
mookkiah commented on pull request #57:
URL: https://github.com/apache/shiro/pull/57#issuecomment-621797925
Hello @col-panic @bdemers - We are looking to have this IP filter
option in our application design. But seeing this PR left open concerns me. Is
there any reason or
boris-petrov commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621788736
@bmhm - yes, there could be a race-condition on updating the variable, but
this is not Shiro's concern, it is the application's. I.e. it is a bug in the
application. But
bmhm commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621778682
There could still be a race-condition on updating the variables. The
volatile keyword will fix the read. If this is not enough for every use case
(e.g. hold Threads while it is
fpapon commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621725257
@bdemers can you have a second eyes on it?
fpapon commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621724599
@boris-petrov ok I see it now, it makes sense ;)
boris-petrov commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621723281
@fpapon - thanks for the time.
Exactly the reference is the problem. Marking this field as volatile means
that whenever some thread sets the value (using
fpapon edited a comment on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621718756
@boris-petrov Thanks for the PR.
Can you explain a little more because I'm not sure in which case the
reference of the securityManager in the SecurityUtils will be
fpapon edited a comment on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621718756
@boris-petrov Thanks for the PR.
Can you explain a little more because I'm not sure to understand in which
case the reference of the securityManager in the SecurityUtils
fpapon commented on pull request #218:
URL: https://github.com/apache/shiro/pull/218#issuecomment-621718756
@boris-petrov Thanks for the PR.
Can you explain a little more because I'm sure in which case the reference
of the securityManager in the SecurityUtils will be updated, volatile
boris-petrov opened a new pull request #218:
URL: https://github.com/apache/shiro/pull/218
As it can be modified and read by different threads. This has been biting me
for a very long time now.
fpapon merged pull request #217: [SHIRO-759] Upgrade to Karaf 4.2.8
URL: https://github.com/apache/shiro/pull/217
fpapon opened a new pull request #217: [SHIRO-759] Upgrade to Karaf 4.2.8
URL: https://github.com/apache/shiro/pull/217
fpapon merged pull request #216: [SHIRO-758] Upgrade to Jetty 9.4.27.v20200227
URL: https://github.com/apache/shiro/pull/216
fpapon commented on issue #216: [SHIRO-758] Upgrade to Jetty 9.4.27.v20200227
URL: https://github.com/apache/shiro/pull/216#issuecomment-613059177
retest this please
fpapon opened a new pull request #216: [SHIRO-758] Upgrade to Jetty
9.4.27.v20200227
URL: https://github.com/apache/shiro/pull/216
fpapon merged pull request #215: [SHIRO-757] Upgrade to Htmlunit 2.39.0
URL: https://github.com/apache/shiro/pull/215
fpapon opened a new pull request #215: [SHIRO-757] Upgrade to Htmlunit 2.39.0
URL: https://github.com/apache/shiro/pull/215
fpapon merged pull request #214: [SHIRO-756] Upgrade to Spring 5.2.5.RELEASE
and Spring boot 2.2.6.REL…
URL: https://github.com/apache/shiro/pull/214
fpapon opened a new pull request #214: [SHIRO-756] Upgrade to Spring
5.2.5.RELEASE and Spring boot 2.2.6.REL…
URL: https://github.com/apache/shiro/pull/214
…EASE
fpapon merged pull request #213: [SHIRO-755] Upgrade to Hazelcast 3.12.6
URL: https://github.com/apache/shiro/pull/213
fpapon opened a new pull request #213: [SHIRO-755] Upgrade to Hazelcast 3.12.6
URL: https://github.com/apache/shiro/pull/213
fpapon merged pull request #212: [SHIRO-754] Upgrade to Apache Commons Codec
1.14
URL: https://github.com/apache/shiro/pull/212
fpapon opened a new pull request #212: [SHIRO-754] Upgrade to Apache Commons
Codec 1.14
URL: https://github.com/apache/shiro/pull/212
fpapon merged pull request #206: Deprecate unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206
fpapon commented on issue #206: Deprecate unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-612091516
retest this please
fpapon commented on issue #206: Deprecate unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-612049734
@bdemers done
fpapon commented on a change in pull request #206: Deprecate unsecure
XMLSerializer
URL: https://github.com/apache/shiro/pull/206#discussion_r406776173
##
File path: lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
##
@@ -34,7 +34,9 @@
* JavaBeans compatible!
bdemers commented on a change in pull request #206: Deprecate unsecure
XMLSerializer
URL: https://github.com/apache/shiro/pull/206#discussion_r406773094
##
File path: lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
##
@@ -34,7 +34,9 @@
* JavaBeans compatible!
fpapon commented on issue #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#issuecomment-611874618
@bmhm Thanks for the great work ;)
fpapon merged pull request #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210
fpapon commented on issue #206: Deprecate unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-611871821
@bdemers can you review please?
fpapon merged pull request #57: Adding authcBearer to list of default filters
URL: https://github.com/apache/shiro-site/pull/57
bmhm commented on a change in pull request #210: [SHIRO-530] INI parser does
not properly handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#discussion_r406378626
##
File path: config/core/src/test/groovy/org/apache/shiro/config/IniTest.groovy
##
bmhm commented on a change in pull request #210: [SHIRO-530] INI parser does
not properly handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#discussion_r406377704
##
File path: config/core/src/test/groovy/org/apache/shiro/config/IniTest.groovy
##
bmhm commented on a change in pull request #210: [SHIRO-530] INI parser does
not properly handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#discussion_r406376135
##
File path: config/core/src/test/groovy/org/apache/shiro/config/IniTest.groovy
##
fpapon commented on issue #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#issuecomment-611585938
I think the complexity is that we can have some regex or URI in the value,
so we have to deal correctly with the
bdemers commented on a change in pull request #210: [SHIRO-530] INI parser does
not properly handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#discussion_r406274872
##
File path: config/core/src/test/groovy/org/apache/shiro/config/IniTest.groovy
bdemers commented on a change in pull request #210: [SHIRO-530] INI parser does
not properly handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#discussion_r406273496
##
File path: config/core/src/test/groovy/org/apache/shiro/config/IniTest.groovy
fpapon commented on issue #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#issuecomment-611367374
retest this please
bdemers opened a new pull request #57: Adding authcBearer to list of default
filters
URL: https://github.com/apache/shiro-site/pull/57
fpapon commented on issue #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#issuecomment-611040952
@bdemers can you review please just before I merge it?
fpapon merged pull request #211: [SHIRO-753] The context path is no longer used
when determining the path application path
URL: https://github.com/apache/shiro/pull/211
bdemers opened a new pull request #211: The context path is no longer used when
determining the path application path
URL: https://github.com/apache/shiro/pull/211
Servlet-Path + Path-Info is used instead
NOTE: some servlet containers will decode the context-path (Tomcat) and
fpapon merged pull request #208: [SHIRO-751] SimplePrincipalMap and
SimplePrincipalCollection throw different exceptions for the same problem
URL: https://github.com/apache/shiro/pull/208
bmhm closed pull request #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209
bmhm commented on issue #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-607189167
Superseded by https://github.com/apache/shiro/pull/210
fpapon commented on issue #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210#issuecomment-607133311
@bmhm sounds good!
bmhm opened a new pull request #210: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/210
…f values
- Do not skip escape characters for the value (new behaviour demanded by
SHIRO-530).
- rearrange and comment
fpapon merged pull request #56: [SHIRO-249] Create XML sitemap
URL: https://github.com/apache/shiro-site/pull/56
bmhm edited a comment on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606678292
I am not so sure about this commit. It would be possible, in theory, that
someone misused the escaping
bmhm commented on issue #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606678292
I am not so sure about this commit. It would be possible, in theory, that
someone misused the escaping backslashes
fpapon commented on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606454311
+1 for me, if we think it's not possible (ini specs) to have \\ in the key,
just throw an exception.
@bmhm Thanks
bmhm commented on a change in pull request #56: [SHIRO-249] Create XML sitemap
URL: https://github.com/apache/shiro-site/pull/56#discussion_r400659801
##
File path: robots.txt
##
@@ -0,0 +1 @@
+Sitemap: http://example.com/sitemap_location.xml
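Review bot: The added Sitemap: line in robots.txt points at http://example.com/sitemap_location.xml, which is a placeholder host and path, so crawlers reading this file will not be sent to this site's sitemap. The pull request description says the existing site.xml was moved to sitemap.xml; the directive should carry the absolute URL of that file on the project's own host.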
Review comment:
Thanks.
bmhm commented on issue #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606412522
> As for `"Truth\\=Beauty"`, I would _expect_ that that to be some sort of
error or at least a key with no value
bmhm edited a comment on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606185214
TODO:
- [x] document capture groups
- [x] remove `\\` from first capture group. It just makes no
bmhm edited a comment on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606185214
TODO:
- [ ] document capture groups
- [x] remove `\\` from first capture group. It just makes no
carnil commented on issue #203: [SHIRO-747] FirstSuccessfulStrategy now detects
empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-606378624
@bdemers: thank you
bdemers commented on issue #203: [SHIRO-747] FirstSuccessfulStrategy now
detects empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-606270322
@carnil the fix (a path traversal issue):
bdemers commented on issue #55: [SHIRO-678] Add charset hint for authentication
data like passwords.
URL: https://github.com/apache/shiro-site/pull/55#issuecomment-606266610
LGTM, i'll test it out!
bdemers commented on a change in pull request #56: [SHIRO-249] Create XML
sitemap
URL: https://github.com/apache/shiro-site/pull/56#discussion_r400508135
##
File path: robots.txt
##
@@ -0,0 +1 @@
+Sitemap: http://example.com/sitemap_location.xml
Review comment:
bdemers commented on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606253816
From SHIRO-530, it looks like we have:
| example (as input) | result (as java string) |
|--|--|
bmhm commented on issue #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606210911
?? Why introduce a new future? If you look at the tests, this was never
supported and those always got removed.
fpapon commented on issue #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606203267
We have some users that are using backslash in the key:
https://issues.apache.org/jira/browse/SHIRO-684
bmhm commented on issue #209: [SHIRO-530] INI parser does not properly handled
backslashes at end o…
URL: https://github.com/apache/shiro/pull/209#issuecomment-606185214
TODO:
- [ ] document capture groups
- [ ] remove `\\` from first capture group. It just makes no sense.
bmhm opened a new pull request #209: [SHIRO-530] INI parser does not properly
handled backslashes at end o…
URL: https://github.com/apache/shiro/pull/209
…f values
- Replace key-value-splitting with regex
- obscure disappearing escaping chars - please discuss!
bmhm opened a new pull request #56: [SHIRO-249] Create XML sitemap
URL: https://github.com/apache/shiro-site/pull/56
- moved existing site.xml to sitemap.xml
- referenced in new file robots.txt
- added link header to default template.
fpapon commented on issue #25: WIP: Ability to set a property value with an
enum in shiro.ini file
URL: https://github.com/apache/shiro/pull/25#issuecomment-605645893
Superseded by https://github.com/apache/shiro/pull/199
We can close this one
fpapon closed pull request #25: WIP: Ability to set a property value with an
enum in shiro.ini file
URL: https://github.com/apache/shiro/pull/25
fpapon commented on issue #208: [SHIRO-751] SimplePrincipalMap and
SimplePrincipalCollection throw different exceptions for the same problem
URL: https://github.com/apache/shiro/pull/208#issuecomment-605622631
If a PR is related to a Jira, the template of the title should be:
bmhm commented on issue #55: [SHIRO-678] Add charset hint for authentication
data like passwords.
URL: https://github.com/apache/shiro-site/pull/55#issuecomment-605612485
@bdemers please review.
I have never used velocity templates before, so please check the external
link as well
bmhm opened a new pull request #55: [SHIRO-678] Add charset hint for
authentication data like passwords.
URL: https://github.com/apache/shiro-site/pull/55
bmhm commented on issue #208: modifying the thrown exceptions of
SimplePrincipalCollection
URL: https://github.com/apache/shiro/pull/208#issuecomment-605589856
Two additional comments
1. Please update the title of this PR, the issue in square brackets.
2. I know this is an API
drzhonghao opened a new pull request #208: modifying the thrown exceptions of
SimplePrincipalCollection
URL: https://github.com/apache/shiro/pull/208
The bug report is
fpapon removed a comment on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604991715
@coheigea it makes sense
carnil commented on issue #203: [SHIRO-747] FirstSuccessfulStrategy now detects
empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-605445582
Hi
On Sat, Mar 28, 2020 at 05:42:46AM -0700, Brian Demers wrote:
> The release yes, the CVE no.
bdemers commented on issue #203: [SHIRO-747] FirstSuccessfulStrategy now
detects empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-605442534
The release yes, the CVE no.
bmhm commented on a change in pull request #207: [SHIRO-750] update jax-rs
dependency to jakarta. Non-Breaking change.
URL: https://github.com/apache/shiro/pull/207#discussion_r399646963
##
File path: support/jaxrs/pom.xml
##
@@ -45,8 +45,8 @@
-
carnil edited a comment on issue #203: [SHIRO-747] FirstSuccessfulStrategy now
detects empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-605424542
@bdemers: Is this merge request relating to CVE-2020-1957 and
carnil commented on issue #203: [SHIRO-747] FirstSuccessfulStrategy now detects
empty principal correctly
URL: https://github.com/apache/shiro/pull/203#issuecomment-605424542
Is this merge request relating to CVE-2020-1957 and
https://www.openwall.com/lists/oss-security/2020/03/23/2?
bdemers commented on a change in pull request #207: [SHIRO-750] update jax-rs
dependency to jakarta. Non-Breaking change.
URL: https://github.com/apache/shiro/pull/207#discussion_r399488499
##
File path: support/jaxrs/pom.xml
##
@@ -45,8 +45,8 @@
-
bmhm commented on issue #207: [SHIRO-750] update jax-rs dependency to jakarta.
Non-Breaking change.
URL: https://github.com/apache/shiro/pull/207#issuecomment-605225607
Travis build log:
https://travis-ci.com/github/bmhm/shiro/builds/155929411
bmhm opened a new pull request #207: [SHIRO-750] update jax-rs dependency to
jakarta. Non-Breaking change.
URL: https://github.com/apache/shiro/pull/207
Please discuss whether or not this is a breaking change.
From my perspective it is not, feel free to prove me wrong :)
coheigea removed a comment on issue #206: Remove unused and unsecure
XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604986557
Maybe we could log a WARNING saying that it's insecure to use and just
remove it for the next major release?
fpapon commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604991715
@coheigea it makes sense
coheigea commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604986557
Maybe we could log a WARNING saying that it's insecure to use and just
remove it for the next major release?
fpapon commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604986509
@bdemers ok, thanks for the tips ;)
bdemers commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604984552
It could be used by an ini-configured RememberMeManager. We should just
deprecate it.
fpapon commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604974052
@bmhm yes I saw the error on Jenkins, I'm checking
bmhm commented on issue #206: Remove unused and unsecure XMLSerializer
URL: https://github.com/apache/shiro/pull/206#issuecomment-604943334
It says:
```
[ERROR] Failed to execute goal
com.github.siom79.japicmp:japicmp-maven-plugin:0.14.1:cmp (japicmp) on project
shiro-lang: There is
```