You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Falco Schwarz <hi...@falco.me> on 2014/07/07 20:44:03 UTC
Exception handling / error-page with authcBasic
Hi all,
I have a question regarding filter chains and authcBasic
authentication failures. If a user tries to authenticate and aborts
the request (hits escape with a browser or does not provide
credentials using curl for example) shiro silently discards the user
and does not return the default 401 error-page.
Is this an error in my config or is this the default behaviour of
shiro? If so, is there any possibility in changing this behavior with
a configuration switch?
Regards,
Falco
-----------------------------------------------------------------------
; shiro.ini
[main]
; credentials are sha256 hashed
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher
; restrict access to localhost
ipRemote = org.apache.catalina.filters.RemoteIpFilter
ipFilter = org.apache.catalina.filters.RemoteAddrFilter
ipFilter.allow = 127.0.0.1|::1|0:0:0:0:0:0:0:1
ipFilter.denyStatus = 404
[users]
test = <hash removed>, jmx
[roles]
jmx = *
[urls]
/jmx/** = ipRemote, ipFilter, authcBasic, roles[jmx]
/jmx = ipRemote, ipFilter, authcBasic, roles[jmx]