Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-283

Add ability to support basic auth and form authentication simultaneously

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Currently, it's impossible to require either form authentication or basic authentication. I need to support both since we want the former for the users using a browser and the later for REST. At a config level, I don't really care which one is used, I just want to know they're authenticated.

        Activity

        Hide
        deraj123 Jared Bunting added a comment -

        Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.

        Show
        deraj123 Jared Bunting added a comment - Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.
        Hide
        deraj123 Jared Bunting added a comment -

        I am committing a fix that allows:
        authc[permissive] and authcBasic[permissive].

        This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).

        Show
        deraj123 Jared Bunting added a comment - I am committing a fix that allows: authc [permissive] and authcBasic [permissive] . This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).
        Hide
        lhazlewood Les Hazlewood added a comment -

        Jared and Dan, do you consider this issue resolved?

        Show
        lhazlewood Les Hazlewood added a comment - Jared and Dan, do you consider this issue resolved?
        Hide
        lhazlewood Les Hazlewood added a comment -

        Recategorizing as an improvement as this does not represent broken functionality.

        Show
        lhazlewood Les Hazlewood added a comment - Recategorizing as an improvement as this does not represent broken functionality.
        Hide
        remast Jan Stamer added a comment -

        The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach
        That works for me so I suppose this issue is fixed.

        Show
        remast Jan Stamer added a comment - The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach That works for me so I suppose this issue is fixed.

          People

          • Assignee:
            Unassigned
            Reporter:
            dandiep Dan Diephouse
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development