Hello,
I have a web.xml configured shiro secured web application working fine
using inline config.
I am using it with an embedded Jetty instance.
I am using Shiro 1.1.0. I would like to know the best practice for
disabling the shiro filter completely programatically. Since the web
server is bundled in another software package, I do not want to require the
administrator of my server application to tinker with or even be aware of
the web.xml file.
I would be open to changing my Shiro filter (shown here) from my web.xml
to being added programmatically to my embedded Jetty instance, however this
has proven to be difficult as I am not able to get it working due to my
unfamiliarity with the API.
If I could recreate this filter via code, then the enabling or disabling
becomes easy as I simply do not add it via code if I choose not to.
Otherwise I simply would disable this filter via code after server.start().
<filter>
<filter-name>Shiro</filter-name>
<filter-class>
org.apache.shiro.web.servlet.IniShiroFilter
</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>
[main]
authcRealm = my.security .WebRealm
authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
lookedUpRealm = my.security.WebRealm
authc.loginUrl = /login.jsp
authc2.loginUrl = /
securityManager.realms = $lookedUpRealm
[urls]
/secure/** = authc
/login.jsp = authc
/ = authc2
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Shiro</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
