Yes - programmatic control is possible by overriding the isEnabled(request, response) method:
http://shiro.apache.org/web.html#Web-RequestspecificEnabling%252FDisabling Cheers, -- Les Hazlewood CTO, Stormpath | http://stormpath.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood blog: http://leshazlewood.com stormpath blog: http://www.stormpath.com/blog On Thu, May 24, 2012 at 6:36 PM, Diogo Guerra <[email protected]> wrote: > Hi All, > > We are integrating shiro in your embedded web server (jetty 8) and we > provide off the shelf multiple web applications that require security. > > We have a requirement of in some cases do not require ssl, but in other > situations to for the usage of ssl. > > We share the SecurityManager among all the applications. Is there any way to > disable progamatically the ssl filter (to avoid going to all ini files and > remove the ssl filters..) ? > > Best Regards > > --Diogo
