Hi, Sorry , still no joy - I tried: > factory.setFilterChainDefinitions( > "/manage/health=anon\n” + > "/manage/**=authc\n”);
and > factory.setFilterChainDefinitions( > "/manage/health/**=anon\n” + > "/manage/**=authc\n"); but still get login prompt in both cases, whether set through string or linked hash map… It’s a bit puzzling but I have a workaround I can use with the explicit mappings below. Thanks Richard > On 23 Oct 2014, at 11:32, Dominic Farr <[email protected]> wrote: > > this suggests it is a matching, not ordering, issue. will dropping the > trailing slash on anon health path help? > > factory.setFilterChainDefinitions( > "/manage/health=anon\n” + > "/manage/**=authc\n"); > > On 23 October 2014 10:49, Richard Adams <[email protected] > <mailto:[email protected]>> wrote: > Hi Dominic > Thanks for the suggestion, I tried this but still the /manage/health/ URL is > asking for a login. If I add all the endpoints explicitly it works fine, > using either String or Map based configuration. > E.g., > factory.setFilterChainDefinitions( > "/manage/health/=anon\n"+ > "/manage/metrics/**=authc\n"+ > "/manage/beans/**=authc\n"+ > "/manage/trace/**=authc\n"+ > "/manage/mappings/**=authc\n"+ > "/manage/dump/**=authc\n"+ > "/manage/autoconfig/**=authc\n"+ > "/manage/env/**=authc\n"+ > "/manage/info/**=authc”); > . > Thanks > Richard > > On 23 Oct 2014, at 08:53, Richard Adams <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi, > > I’ve been using Shiro quite happlly for some years now in an existing > > project. Recently I started a new project using Spring Boot, and wanted to > > use Shiro rather than learn Spring Security, which is the ‘default’ > > security option in Spring Boot.. > > > > The configuration is pure Java and it took a little while to get set up, > > but I’ve documented my experiences in a blog post in case it’s useful to > > others: > > > > http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html > > > > <http://richardadams606blog.blogspot.co.uk/2014/10/apache-shiro-and-spring-boot.html> > > > > One problem I’ve not been able to fix is the ordering of filter chain > > definitions. > > public ShiroFilterFactoryBean shiroFilter (){ > > ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean (); > > …….. > > factory.setFilterChainDefinitions( > > "/manage/health/=anon\n” + > > "/manage/**=authc\n” > > ); > > ….. > > } > > > > For example, I’d like to make /manage/health to allow anonymous access, but > > all other URLS under manage/ to require authentication. > > This type of approach works fine using XML configuration in my old project, > > but in the new Spring Boot project the '/manage/health‘ URL triggers the > > authentication filter. I’ve tried to swap them but no success. Does anyone > > have any suggestions on how to configure the ordering properly using Java > > rather than .ini or XML config? > > > > Thanks > > Richard > > > > > > Richard Adams > > [email protected] <mailto:[email protected]> > > > > > > > > > > Richard Adams > [email protected] <mailto:[email protected]> > > > > > Richard Adams [email protected]
