Hi,
I am new to Shiro. I've been trying to protect all the paths except login,
logout, and index.
I have a simple servlet-based proof-of-concept, where the requirement is:
all the paths on context-root should be secure.
I've tried this configuration (web.xml snippet):
---------------------------------------
[filters]
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /login.jsp
[urls]
/login.jsp = authc
# /validate is the servlet that creates token and calls login()
/validate = anon
/login.jsp = anon
/index.jsp = anon
# Removing the line below doesn't help either. It just blocks
# index page when you hit context root.
/ = anon
/pages/** = user
# If I comment the line below things will start to work. But I want any page
# on context-root (like <context_root>/mysecurepage.jsp) to be protected
/** = user
...
...
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
------------------------------------------
I am not sure where I am going wrong. Can someone help me with this?
Thanks
Nishant