Yes Les, you are correct that this approach could be dangerous. However, our
security configuration is elsewhere (through AOP intercept of JAX-RS
annotated methods). The reason this is attractive to us is that it allows
simple shell scripting with curl, without changing the behavior of the JS UI
that does not have an actual login page without the HTTP auth challenge
grabbing control of presentation.
--
Sent from the Shiro User mailing list archive at Nabble.com.