[ https://issues.apache.org/jira/browse/SHIRO-621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Shilpi Das updated SHIRO-621: ----------------------------- Affects Version/s: 1.4.0 Description: The following filter chains are present in configureShiroWeb() function addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X")); addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y")); When a request is made for an API- example.appspot.com/v1/first/second/third, the first filter is bypassed and the access is granted for a user with permission Y and not with X. I am using Shiro 1.4.0-RC2 version and Guice 3.0. I have also tried using Shiro 1.4.0 with Guice 4.0. was: The following filter chains are present in configureShiroWeb() function addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X")); addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y")); When a request is made for an API- example.appspot.com/v1/first/second/third, the first filter is bypassed and the access is granted for a user with permission Y and not with X. I am using Shiro 1.4.0-RC2 version and Guice 3.0 > REST filter bypassing matched path > ---------------------------------- > > Key: SHIRO-621 > URL: https://issues.apache.org/jira/browse/SHIRO-621 > Project: Shiro > Issue Type: Bug > Components: Integration: Guice > Affects Versions: 1.4.0-RC2, 1.4.0 > Environment: Google App Engine > Reporter: Shilpi Das > Assignee: Jared Bunting > Priority: Major > > The following filter chains are present in configureShiroWeb() function > addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), > filterConfig(REST, "X")); > addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, > "Y")); > When a request is made for an API- example.appspot.com/v1/first/second/third, > the first filter is bypassed and the access is granted for a user with > permission Y and not with X. > I am using Shiro 1.4.0-RC2 version and Guice 3.0. > I have also tried using Shiro 1.4.0 with Guice 4.0. -- This message was sent by Atlassian JIRA (v7.6.3#76005)