You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Peter Ledbrook (JIRA)" <ji...@apache.org> on 2010/10/15 11:56:33 UTC
[jira] Created: (SHIRO-200) Add ability to configure basic
authentication for specific HTTP methods
Add ability to configure basic authentication for specific HTTP methods
------------------------------------------------------------------------
Key: SHIRO-200
URL: https://issues.apache.org/jira/browse/SHIRO-200
Project: Shiro
Issue Type: Improvement
Components: Authentication (log-in), Web
Affects Versions: 1.0.0
Reporter: Peter Ledbrook
Fix For: 1.1.0
Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
{code}
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
{code}
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-200) Add ability to configure basic
authentication for specific HTTP methods
Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen updated SHIRO-200:
---------------------------------
Fix Version/s: (was: 1.1.0)
1.2.0
> Add ability to configure basic authentication for specific HTTP methods
> ------------------------------------------------------------------------
>
> Key: SHIRO-200
> URL: https://issues.apache.org/jira/browse/SHIRO-200
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Web
> Affects Versions: 1.0.0
> Reporter: Peter Ledbrook
> Fix For: 1.2.0
>
> Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
> <pre>
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> </pre>
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-200) Add ability to configure basic
authentication for specific HTTP methods
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Ledbrook updated SHIRO-200:
---------------------------------
Description:
Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
<pre>
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
</pre>
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
was:
Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
{code}
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
{code}
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
> Add ability to configure basic authentication for specific HTTP methods
> ------------------------------------------------------------------------
>
> Key: SHIRO-200
> URL: https://issues.apache.org/jira/browse/SHIRO-200
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Web
> Affects Versions: 1.0.0
> Reporter: Peter Ledbrook
> Fix For: 1.1.0
>
> Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
> <pre>
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> </pre>
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHIRO-200) Add ability to configure basic
authentication for specific HTTP methods
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12921295#action_12921295 ]
Peter Ledbrook commented on SHIRO-200:
--------------------------------------
I don't have HTTPS svn set up yet, so I attached a patch for review. I
also wanted it reviewed before committing anyway, in case anyone
disagrees with the principle.
Thanks,
Peter
> Add ability to configure basic authentication for specific HTTP methods
> ------------------------------------------------------------------------
>
> Key: SHIRO-200
> URL: https://issues.apache.org/jira/browse/SHIRO-200
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Web
> Affects Versions: 1.0.0
> Reporter: Peter Ledbrook
> Fix For: 1.1.0
>
> Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
> <pre>
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> </pre>
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (SHIRO-200) Add ability to configure basic
authentication for specific HTTP methods
Posted by "Peter Ledbrook (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-200?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Ledbrook updated SHIRO-200:
---------------------------------
Attachment: MethodSpecificBasicAuth.patch
The patch should be applied with 'patch -p1 < file' because it was generated from git and has a leading path element.
> Add ability to configure basic authentication for specific HTTP methods
> ------------------------------------------------------------------------
>
> Key: SHIRO-200
> URL: https://issues.apache.org/jira/browse/SHIRO-200
> Project: Shiro
> Issue Type: Improvement
> Components: Authentication (log-in), Web
> Affects Versions: 1.0.0
> Reporter: Peter Ledbrook
> Fix For: 1.1.0
>
> Attachments: MethodSpecificBasicAuth.patch
>
>
> Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
> {code}
> [urls]
> /basic/** = authcBasic[POST,PUT,DELETE]
> {code}
> I have attached a patch for review.
> BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.