You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Marco Descher (JIRA)" <ji...@apache.org> on 2017/10/25 05:49:00 UTC
[jira] [Commented] (SHIRO-591) Basic Auth Filter permissive mode
does NOT work
[ https://issues.apache.org/jira/browse/SHIRO-591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16218145#comment-16218145 ]
Marco Descher commented on SHIRO-591:
-------------------------------------
I currently try to use authcBasic[permissive] mode with 1.4.0. If I set to non permissive, every request is checked, if i set permissive no request is checked for basic auth. To me it seems that there is still some kind of bug in there.
> Basic Auth Filter permissive mode does NOT work
> -----------------------------------------------
>
> Key: SHIRO-591
> URL: https://issues.apache.org/jira/browse/SHIRO-591
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.3.0, 1.3.1, 1.3.2
> Reporter: Brian Demers
> Labels: regresion
> Fix For: 1.4.0-RC2
>
>
> The fix for SHIRO-200 assumed all filter options were http methods, for example:
> {authcBasic[POST, GET]}
> However, the 'permissive' option is also valid, which instructs the filter to check for authentication, but NOT require it:
> {authcBasic[permissive]}
> Or the two combine in something like:
> authcBasic[permissive,POST, GET]
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)