-
Type:
New Feature
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.0.0
-
Fix Version/s: 1.3.0
-
Component/s: Authentication (log-in), Web
-
Labels:
Currently, if one configures the basic authentication filter for a URL, it is applied to all HTTP methods. However, I'd like the read-only methods (GET, HEAD) to be completely open and only the update methods requiring authentication. Proposed syntax:
<pre>
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
</pre>
I have attached a patch for review.
BTW, the test case could do with renaming - it doesn't match the name of the class it's testing.