You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Markus W Mahlberg (JIRA)" <ji...@apache.org> on 2014/11/02 10:44:33 UTC
[jira] [Created] (SHIRO-523) Create annotation which allows access
for both Guests and users.
Markus W Mahlberg created SHIRO-523:
---------------------------------------
Summary: Create annotation which allows access for both Guests and users.
Key: SHIRO-523
URL: https://issues.apache.org/jira/browse/SHIRO-523
Project: Shiro
Issue Type: New Feature
Components: Authentication (log-in), Authorization (access control) , Configuration
Affects Versions: 1.2.3
Environment: shiro-web with shiro-aop
Reporter: Markus W Mahlberg
At the moment, it is necessary to have the anonymous filter explicitly configured for an url.
There is no annotation for marking publicly available methods.
This way, it is not possible to do an annotation-only configuration of methods. The optimal solution would be that everything is filtered through an auth filter, but methods annotated with (at)Anonymous for example do not lead to a redirection to the login url.
This makes sense in cases where you want to have a default config set in a base artifact integrating Shiro and applications using that artifact should be enabled to do the actual configuration of which methods are accessible for anonymous users.
RequiresGuest is not sufficient, as it will deny access to authenticated users.
The lack of this feature makes it very hard to incorporate Shiro into a web framework providing a sane default configuration (filter everything through authc/authc_basic) and still let the user decide where to make exemptions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)