OK, I've figured this out now -
1) Add spring util namespace to the file
2) Override the instance with your own bean, using as a key the name of the filter (ssl, anon, etc):
<util:map>
    <!-- Overrides default sslFilter to better handle enablement/disablement -->
    <entry key="ssl" value-ref="ssl2"/>
</util:map>

<bean id="ssl2" class="com.axiope.webapp.filter.ShiroSslFilterMavenAgnostic">
    <property name="enabledOverride" value="${ssl.enabled}"/>
</bean>

In our case, we overrode the SslFilter to better handle input to the setEnabled() method - we're using Maven resource filtering, which doesn't work with jetty, so we needed to handle the case where 'value' is an unresolved variable like ${ssl.enabled}. But of course you can just use Shiro's Ssl filter here too.

Hope this thread is useful to someone at some point.

Richard

On 14 Mar 2013, at 17:42, Richard Adams wrote:

Hello,
We're making our Spring-MVC based web app run over HTTPS, and use Shiro pretty much out of the box. We're using Spring 3.2. We've got some teething troubles getting HTTPS set up on our server so I'd like to 'eliminate from our enquiries' our Shiro config - there are excellent docs on the shiro.ini file but for Spring XML based config it's a little more sparse.

Specifically,
1) Is the setup below the correct way to add the 'ssl.enabled' property to the config files?
2) How do we ensure that the /login URL works over HTTPS? Do we just add it to the list of filterChainDefinitions, or does it need some special treatment, or does Shiro automatically use SSL if possible?

E.g.,

<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
   <property name="securityManager" ref="securityManager"/>
   <!-- override these for application-specific URLs if you like:-->

   <property name="loginUrl" value="/login"/>
   <property name="successUrl" value="/notebook"/>
   <property name="unauthorizedUrl" value="login?error=true"/>
   <property name="ssl.enabled" value="false"/>
   <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean -->
   <!-- defined will be automatically acquired and available via its beanName in chain -->
   <!-- definitions, but you can perform instance overrides or name aliases here if you like: -->
   <!-- <property name="filters">
       <util:map>
           <entry key="anAlias" value-ref="someFilter"/>
       </util:map>
   </property> -->
   <property name="filterChainDefinitions">
       <value>
           # some example chain definitions:
           /images/**=anon
           /videos/**=anon
           /styles/**=anon
           /scripts/**=anon
           /admin/** = authc,ssl
           /signup/** = anon
           /** = authc,ssl
           # more URL-to-FilterChain definitions here
       </value>
   </property>
</bean>


Many thanks

Richard

Richard Adams
[email protected]
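
A sketch of the kind of SslFilter subclass the reply describes, added here as an example; it is not the poster's ShiroSslFilterMavenAgnostic, whose source is not shown in the thread. The class name and the choice to keep HTTPS enforcement on when the placeholder is unresolved are assumptions; `enabledOverride` matches the property name used in the XML above.

```java
import org.apache.shiro.web.filter.authz.SslFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Hypothetical example class (name is an assumption, not from the thread).
 * Accepts the 'enabledOverride' property as a String so that a literal,
 * unresolved "${ssl.enabled}" does not break bean creation, and maps it
 * onto Shiro's own setEnabled(boolean).
 */
public class PlaceholderTolerantSslFilter extends SslFilter {

    private static final Logger log =
            LoggerFactory.getLogger(PlaceholderTolerantSslFilter.class);

    /** Bound from Spring XML: <property name="enabledOverride" value="${ssl.enabled}"/> */
    public void setEnabledOverride(String value) {
        boolean enabled = resolve(value);
        log.info("ssl filter enabled={} (configured value '{}')", enabled, value);
        setEnabled(enabled);
    }

    /**
     * Only an explicit "false" switches the filter off. A null, empty or
     * still-unresolved placeholder value keeps it on, so a broken build or
     * missing property cannot silently drop the HTTPS requirement
     * (assumed policy for this example).
     */
    static boolean resolve(String value) {
        if (value == null) {
            return true;
        }
        String v = value.trim();
        if (v.isEmpty() || (v.startsWith("${") && v.endsWith("}"))) {
            log.warn("ssl.enabled was not resolved ('{}'); keeping ssl filter enabled", value);
            return true;
        }
        return !"false".equalsIgnoreCase(v);
    }
}
```

Registering it under the key "ssl" in the filters map, as in the reply, makes every `ssl` entry in filterChainDefinitions use this instance.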




