[jira] [Commented] (SHIRO-409) Need a nossl to match the ssl filter

["Laurent Cottereau (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/SHIRO-409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13583114#comment-13583114 ] 

Laurent Cottereau commented on SHIRO-409:
-----------------------------------------

It seems to me that no-ssl allows Session Hijacking as much as ssl-on-login-only. And shiro does not force a full-ssl configuration today. So it doesn't seem to me that providing a nossl filter would be worst than today. 

I agree with Kamal Sharif when he explains that certain applications are not that sensitive such that only the password really needs to be protected.

Thank you guys for all you work and Kamal for sharing your code.
                
> Need a nossl to match the ssl filter
> ------------------------------------
>
>                 Key: SHIRO-409
>                 URL: https://issues.apache.org/jira/browse/SHIRO-409
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.1
>         Environment: All
>            Reporter: Kamal Sharif
>            Priority: Critical
>              Labels: features
>
> One great-but not seemingly too difficult- feature would be a nossl filter to match the ssl filter. In my website, I only want the login process to be handled over https, but using ssl filter, the site stays in https since all of the links on those pages will stay relative to the https url.
> It would be great if a nossl filter exisited that one could define and would switch the port for the urls defined.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira