You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Peter Bočák (JIRA)" <ji...@apache.org> on 2013/02/04 18:24:12 UTC
[jira] [Updated] (SHIRO-411) Authentication not required for
welcome-files in web.xml
[ https://issues.apache.org/jira/browse/SHIRO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Bočák updated SHIRO-411:
------------------------------
Environment: Win 7, Glassfish 3.1.2.2 or Tomcat 7 (was: Win 7, Glassfish 3.1.2.2)
> Authentication not required for welcome-files in web.xml
> --------------------------------------------------------
>
> Key: SHIRO-411
> URL: https://issues.apache.org/jira/browse/SHIRO-411
> Project: Shiro
> Issue Type: Bug
> Components: Authorization (access control) , Realms , Web
> Affects Versions: 1.2.1
> Environment: Win 7, Glassfish 3.1.2.2 or Tomcat 7
> Reporter: Peter Bočák
> Priority: Minor
> Labels: cas
>
> Sample CAS server configuration as it was described in http://shiro.apache.org/cas.html (Complete configuration sample) doesn't require authentication for welcome files defined in web.xml.
> INI configuration [urls]:
> /shiro-cas = casFilter
> /protected/** = roles[ROLE_USER]
> /** = anon
> web.xml:
> <welcome-file-list>
> <welcome-file>protected/index.xhtml</welcome-file>
> </welcome-file-list>
> When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro correctly redirects me to CAS server for authentication.
> But if I access localhost:8080/shiro-cas/, application redirects me to specified welcome file /protected/index.xhtml without authentication.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira