Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-411

Authentication not required for welcome-files in web.xml

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 1.2.1
    • Fix Version/s: None
    • Labels:
    • Environment:
      Win 7, Glassfish 3.1.2.2 or Tomcat 7

      Description

      Sample CAS server configuration as it was described in http://shiro.apache.org/cas.html (Complete configuration sample) doesn't require authentication for welcome files defined in web.xml.

      INI configuration [urls]:
      /shiro-cas = casFilter
      /protected/** = roles[ROLE_USER]
      /** = anon

      web.xml:
      <welcome-file-list>
      <welcome-file>protected/index.xhtml</welcome-file>
      </welcome-file-list>

      When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro correctly redirects me to CAS server for authentication.
      But if I access localhost:8080/shiro-cas/, application redirects me to specified welcome file /protected/index.xhtml without authentication.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              peter.bocak Peter Bočák
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: