Shiro
  1. Shiro
  2. SHIRO-283

Add ability to support basic auth and form authentication simultaneously

    Details

    • Type: Improvement Improvement
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Currently, it's impossible to require either form authentication or basic authentication. I need to support both since we want the former for the users using a browser and the later for REST. At a config level, I don't really care which one is used, I just want to know they're authenticated.

        Activity

        Hide
        Jared Bunting added a comment -

        Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.

        Show
        Jared Bunting added a comment - Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.
        Hide
        Jared Bunting added a comment -

        I am committing a fix that allows:
        authc[permissive] and authcBasic[permissive].

        This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).

        Show
        Jared Bunting added a comment - I am committing a fix that allows: authc [permissive] and authcBasic [permissive] . This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).
        Hide
        Les Hazlewood added a comment -

        Jared and Dan, do you consider this issue resolved?

        Show
        Les Hazlewood added a comment - Jared and Dan, do you consider this issue resolved?
        Hide
        Les Hazlewood added a comment -

        Recategorizing as an improvement as this does not represent broken functionality.

        Show
        Les Hazlewood added a comment - Recategorizing as an improvement as this does not represent broken functionality.
        Hide
        Jan Stamer added a comment -

        The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach
        That works for me so I suppose this issue is fixed.

        Show
        Jan Stamer added a comment - The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach That works for me so I suppose this issue is fixed.

          People

          • Assignee:
            Unassigned
            Reporter:
            Dan Diephouse
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development