You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Marco Descher (JIRA)" <ji...@apache.org> on 2017/10/25 05:49:00 UTC

[jira] [Commented] (SHIRO-591) Basic Auth Filter permissive mode does NOT work

    [ https://issues.apache.org/jira/browse/SHIRO-591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16218145#comment-16218145 ] 

Marco Descher commented on SHIRO-591:
-------------------------------------

I currently try to use authcBasic[permissive] mode with 1.4.0. If I set to non permissive, every request is checked, if i set permissive no request is checked for basic auth. To me it seems that there is still some kind of bug in there.

> Basic Auth Filter permissive mode does NOT work
> -----------------------------------------------
>
>                 Key: SHIRO-591
>                 URL: https://issues.apache.org/jira/browse/SHIRO-591
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.3.0, 1.3.1, 1.3.2
>            Reporter: Brian Demers
>              Labels: regresion
>             Fix For: 1.4.0-RC2
>
>
> The fix for SHIRO-200 assumed all filter options were http methods, for example:
> {authcBasic[POST, GET]}
> However, the 'permissive' option is also valid, which instructs the filter to check for authentication, but NOT require it:
> {authcBasic[permissive]}
> Or the two combine in something like:
> authcBasic[permissive,POST, GET]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)