Hi Chris,
You can set (programmatically):
shiroFilter.setEnabled(false); and it will allow all requests through
unfiltered.
One way of implementing this support is to do the following:
If you create a subclass of ShiroFilter you can override init() method
to look for a servlet init param and react accordingly.
For example:
@Override
public void init() throws Exception {
String paramValue = getInitParam("enabled");
if (paramValue != null) {
if ("false'.equalsIgnoreCase(paramValue)) {
setEnabled(false);
}
}
super.init();
}
Then add an init param:
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
<init-param>
<param-name>enabled</param-name>
<param-value>false</param-value>
</init-param>
</filter>
It's just an idea. However you choose to call the setEnabled method
is up to you.
HTH,
--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
On Mon, Feb 6, 2012 at 12:20 PM, Christopher Richmond
<[email protected]> wrote:
> Hello,
>
> I have a web.xml configured shiro secured web application working fine using
> inline config.
>
> I am using it with an embedded Jetty instance.
>
> I am using Shiro 1.1.0. I would like to know the best practice for
> disabling the shiro filter completely programatically. Since the web server
> is bundled in another software package, I do not want to require the
> administrator of my server application to tinker with or even be aware of
> the web.xml file.
>
> I would be open to changing my Shiro filter (shown here) from my web.xml to
> being added programmatically to my embedded Jetty instance, however this has
> proven to be difficult as I am not able to get it working due to my
> unfamiliarity with the API.
> If I could recreate this filter via code, then the enabling or disabling
> becomes easy as I simply do not add it via code if I choose not to.
>
> Otherwise I simply would disable this filter via code after server.start().
>
> <filter>
> <filter-name>Shiro</filter-name>
> <filter-class>
> org.apache.shiro.web.servlet.IniShiroFilter
> </filter-class>
> <init-param>
> <param-name>config</param-name>
> <param-value>
> [main]
>
> authcRealm = my.security .WebRealm
> authc2 = org.apache.shiro.web.filter.authc.FormAuthenticationFilter
>
> lookedUpRealm = my.security.WebRealm
> authc.loginUrl = /login.jsp
> authc2.loginUrl = /
> securityManager.realms = $lookedUpRealm
>
>
> [urls]
> /secure/** = authc
> /login.jsp = authc
> / = authc2
> </param-value>
> </init-param>
> </filter>
>
>
>
> <filter-mapping>
> <filter-name>Shiro</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
