Hi Nishant, There is no longer a [filters] section (it is supported for backwards compatibility, but I would remove it). All object-based configuration should now be done in the [main] section.
Also, the easiest thing to do to find out what paths are being matched and which filters are executed as a result of the incoming request is to set a debugger breakpoint in your IDE in the org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver getChain(request, response, originalChain) method. This way you can see exactly which paths are being matched and you can see what happens when the chain is executed. Also, if you have a test case or simple test webapp, please send it along (create a Jira issue and attach it). It is very hard to debug anything without a test case or at least a starting point from which a test can be created. Regards, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com On Sun, Oct 10, 2010 at 11:20 PM, Nishant Neeraj <[email protected]> wrote: > Hi, > > I am new to Shiro. I've been trying to protect all the paths except login, > logout, and index. > I have a simple servlet-based proof-of-concept, where the requirement is: > all the paths on context-root should be secure. > > I've tried this configuration (web.xml snippet): > --------------------------------------- > [filters] > authc = > org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > authc.loginUrl = /login.jsp > > [urls] > /login.jsp = authc > #/validate is the servlet that creates token and calls > login() > /validate = anon > /login.jsp = anon > /index.jsp = anon > #removing the line below doesnt help either. It just blocks > index page when you hit context root. > / = anon > /pages/** = user > # If I comment the line below things will start to work. But > I want any page on context-root (like <context_root>/mysecurepage.jsp) to be > protected > /** = user > > ... > ... > > <filter-mapping> > <filter-name>ShiroFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > ------------------------------------------ > > I am not sure where I am going wrong. Can someone help me on this. > > > Thanks > Nishant > > >
