[ https://issues.apache.org/jira/browse/SHIRO-621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shilpi Das updated SHIRO-621:
-----------------------------
    Affects Version/s: 1.4.0
          Description: 
The following filter chains are present in configureShiroWeb() function

addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X"));
addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y"));

When a request is made for an API- example.appspot.com/v1/first/second/third, 
the first filter is bypassed and the access is granted for a user with 
permission Y and not with X.

I am using Shiro 1.4.0-RC2 version and Guice 3.0.

I have also tried using Shiro 1.4.0 with Guice 4.0.

  was:
The following filter chains are present in configureShiroWeb() function

addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X"));
addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y"));

When a request is made for an API- example.appspot.com/v1/first/second/third, 
the first filter is bypassed and the access is granted for a user with 
permission Y and not with X.

I am using Shiro 1.4.0-RC2 version and Guice 3.0


> REST filter bypassing matched path
> ----------------------------------
>
>                 Key: SHIRO-621
>                 URL: https://issues.apache.org/jira/browse/SHIRO-621
>             Project: Shiro
>          Issue Type: Bug
>          Components: Integration: Guice
>    Affects Versions: 1.4.0-RC2, 1.4.0
>         Environment: Google App Engine
>            Reporter: Shilpi Das
>            Assignee: Jared Bunting
>            Priority: Major
>
> The following filter chains are present in configureShiroWeb() function
> addFilterChain("/**/first/second/third/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "X"));
> addFilterChain("/**/first/**", filterConfig(AUTHC_BASIC), filterConfig(REST, "Y"));
> When a request is made for an API- example.appspot.com/v1/first/second/third, 
> the first filter is bypassed and the access is granted for a user with 
> permission Y and not with X.
> I am using Shiro 1.4.0-RC2 version and Guice 3.0.
> I have also tried using Shiro 1.4.0 with Guice 4.0.


