You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by GitBox <gi...@apache.org> on 2020/02/08 12:17:38 UTC
[GitHub] [shiro] tomsun28 opened a new pull request #201: [SHIRO-742]fix
throw exception when request uri is /
tomsun28 opened a new pull request #201: [SHIRO-742]fix throw exception when request uri is /
URL: https://github.com/apache/shiro/pull/201
this bug due to my pr [SHIRO-682 fix the potential threat when use "uri = uri + '/' " to bypassed shiro](https://github.com/apache/shiro/pull/127) in 1.5, sorry
as the @jaynlau [comment](https://github.com/apache/shiro/pull/181)
under is @jaynlau report
````
Can not get the NamedFilterList when request uri is "/".
java.lang.IllegalArgumentException: There is no configured chain under the name/key [].
at org.apache.shiro.web.filter.mgt.DefaultFilterChainManager.proxy(DefaultFilterChainManager.java:322) ~[shiro-web-1.5.0.jar:1.5.0]
at org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver.getChain(PathMatchingFilterChainResolver.java:126) ~[shiro-web-1.5.0.jar:1.5.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter.getExecutionChain(AbstractShiroFilter.java:415) ~[shiro-web-1.5.0.jar:1.5.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:448) ~[shiro-web-1.5.0.jar:1.5.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) ~[shiro-web-1.5.0.jar:1.5.0]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) ~[shiro-core-1.5.0.jar:1.5.0]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) ~[shiro-core-1.5.0.jar:1.5.0]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) ~[shiro-core-1.5.0.jar:1.5.0]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) ~[shiro-web-1.5.0.jar:1.5.0]
The value of pathPattern is changed from "/" to "" , matching path definition / = user failed.
Because chainName is "/", not "".
````
this pr's solution is bypass substring when the request uri and pathPattern is /
please let me konw if any other better solution,
thanks @jaynlau ^~^
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [shiro] fpapon commented on issue #201: [SHIRO-742]fix throw
exception when request uri is /
Posted by GitBox <gi...@apache.org>.
fpapon commented on issue #201: [SHIRO-742]fix throw exception when request uri is /
URL: https://github.com/apache/shiro/pull/201#issuecomment-583812905
@tomsun28 thanks for the PR. We are releasing the 1.5.1 and we will merge this just after.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [shiro] fpapon merged pull request #201: [SHIRO-742]fix throw
exception when request uri is /
Posted by GitBox <gi...@apache.org>.
fpapon merged pull request #201: [SHIRO-742]fix throw exception when request uri is /
URL: https://github.com/apache/shiro/pull/201
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [shiro] adessaigne commented on issue #201: [SHIRO-742]fix throw
exception when request uri is /
Posted by GitBox <gi...@apache.org>.
adessaigne commented on issue #201: [SHIRO-742]fix throw exception when request uri is /
URL: https://github.com/apache/shiro/pull/201#issuecomment-586298393
Hello.
First, thank you very much for this fix.
I have a newbie question: would it be possible to include this commit in 1.5.1 release? I have to admit I'm not yet familiar with the release process. Thank you very much!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
[GitHub] [shiro] coheigea commented on issue #201: [SHIRO-742]fix throw
exception when request uri is /
Posted by GitBox <gi...@apache.org>.
coheigea commented on issue #201: [SHIRO-742]fix throw exception when request uri is /
URL: https://github.com/apache/shiro/pull/201#issuecomment-586300703
Yes, it will be in the 1.5.1 release.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services