Shiro
  1. Shiro
  2. SHIRO-283

Add ability to support basic auth and form authentication simultaneously

        Details

        • Type: Improvement Improvement
        • Status: Open
        • Priority: Major Major
        • Resolution: Unresolved
        • Affects Version/s: None
        • Fix Version/s: None
        • Component/s: None
        • Labels:
          None

          Description

          Currently, it's impossible to require either form authentication or basic authentication. I need to support both since we want the former for the users using a browser and the later for REST. At a config level, I don't really care which one is used, I just want to know they're authenticated.

            Activity

            Ascending order - Click to sort in descending order
            Dan Diephouse created issue -
            Hide
            Permalink
            Jared Bunting added a comment -

            Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.

            Show
            Jared Bunting added a comment - Here's how I would go about doing this. Essentially, we're adding the ability, on both filters, to not require a user to login.
            Jared Bunting made changes -
            Field Original Value New Value
            Attachment permissive-authenticating2.patch [ 12477438 ]
            Hide
            Permalink
            Jared Bunting added a comment -

            I am committing a fix that allows:
            authc[permissive] and authcBasic[permissive].

            This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).

            Show
            Jared Bunting added a comment - I am committing a fix that allows: authc [permissive] and authcBasic [permissive] . This will allow us to, on a filterchain level, not require login but use these filters simply to allow login. In addition, this will catch an "UnauthenticatedException" and perform the appropriate login request action (redirect to page or send challenge response).
            Hide
            Permalink
            Les Hazlewood added a comment -

            Jared and Dan, do you consider this issue resolved?

            Show
            Les Hazlewood added a comment - Jared and Dan, do you consider this issue resolved?
            Hide
            Permalink
            Les Hazlewood added a comment -

            Recategorizing as an improvement as this does not represent broken functionality.

            Show
            Les Hazlewood added a comment - Recategorizing as an improvement as this does not represent broken functionality.
            Les Hazlewood made changes -
            Issue Type Bug [ 1 ] Improvement [ 4 ]
            Hide
            Permalink
            Jan Stamer added a comment -

            The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach
            That works for me so I suppose this issue is fixed.

            Show
            Jan Stamer added a comment - The solution to this is described in the documentation at: http://shiro.apache.org/session-management.html#SessionManagement-AHybridApproach That works for me so I suppose this issue is fixed.

              People

              • Assignee:
                Unassigned
                Reporter:
                Dan Diephouse
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Development