Hi Dominic
Thanks for the suggestion, I tried this but still the /manage/health/ URL is
asking for a login. If I add all the endpoints explicitly it works fine, using
either String or Map based configuration.
E.g.,
factory.setFilterChainDefinitions(
"/manage/health/=anon\n"+
"/manage/metrics/**=authc\n"+
"/manage/beans/**=authc\n"+
"/manage/trace/**=authc\n"+
"/manage/mappings/**=authc\n"+
"/manage/dump/**=authc\n"+
"/manage/autoconfig/**=authc\n"+
"/manage/env/**=authc\n"+
"/manage/info/**=authc”);
.
Thanks
Richard
> On 23 Oct 2014, at 08:53, Richard Adams <[email protected]> wrote:
>
> Hi,
> I’ve been using Shiro quite happlly for some years now in an existing
> project. Recently I started a new project using Spring Boot, and wanted to
> use Shiro rather than learn Spring Security, which is the ‘default’ security
> option in Spring Boot..
>
> The configuration is pure Java and it took a little while to get set up, but
> I’ve documented my experiences in a blog post in case it’s useful to others:
>
> http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html
>
> One problem I’ve not been able to fix is the ordering of filter chain
> definitions.
> public ShiroFilterFactoryBean shiroFilter (){
> ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean ();
> ……..
> factory.setFilterChainDefinitions(
> "/manage/health/=anon\n” +
> "/manage/**=authc\n”
> );
> …..
> }
>
> For example, I’d like to make /manage/health to allow anonymous access, but
> all other URLS under manage/ to require authentication.
> This type of approach works fine using XML configuration in my old project,
> but in the new Spring Boot project the '/manage/health‘ URL triggers the
> authentication filter. I’ve tried to swap them but no success. Does anyone
> have any suggestions on how to configure the ordering properly using Java
> rather than .ini or XML config?
>
> Thanks
> Richard
>
>
> Richard Adams
> [email protected]
>
>
>
>
Richard Adams
[email protected]
