You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Falco Schwarz <hi...@falco.me> on 2014/07/07 20:44:03 UTC

Exception handling / error-page with authcBasic

Hi all,

I have a question regarding filter chains and authcBasic
authentication failures. If a user tries to authenticate and aborts
the request (hits escape with a browser or does not provide
credentials using curl for example) shiro silently discards the user
and does not return the default 401 error-page.

Is this an error in my config or is this the default behaviour of
shiro? If so, is there any possibility in changing this behavior with
a configuration switch?

Regards,
Falco

-----------------------------------------------------------------------
; shiro.ini

[main]
; credentials are sha256 hashed
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher

; restrict access to localhost
ipRemote = org.apache.catalina.filters.RemoteIpFilter
ipFilter = org.apache.catalina.filters.RemoteAddrFilter
ipFilter.allow = 127.0.0.1|::1|0:0:0:0:0:0:0:1
ipFilter.denyStatus = 404

[users]
test  = <hash removed>, jmx

[roles]
jmx     = *

[urls]
/jmx/** = ipRemote, ipFilter, authcBasic, roles[jmx]
/jmx    = ipRemote, ipFilter, authcBasic, roles[jmx]