Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-411

Authentication not required for welcome-files in web.xml

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Invalid
    • 1.2.1
    • None
    • Win 7, Glassfish 3.1.2.2 or Tomcat 7

    Description

      Sample CAS server configuration as it was described in http://shiro.apache.org/cas.html (Complete configuration sample) doesn't require authentication for welcome files defined in web.xml.

      INI configuration [urls]:
      /shiro-cas = casFilter
      /protected/** = roles[ROLE_USER]
      /** = anon

      web.xml:
      <welcome-file-list>
      <welcome-file>protected/index.xhtml</welcome-file>
      </welcome-file-list>

      When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro correctly redirects me to CAS server for authentication.
      But if I access localhost:8080/shiro-cas/, application redirects me to specified welcome file /protected/index.xhtml without authentication.

      Attachments

        Activity

          People

            Unassigned Unassigned
            peter.bocak Peter Bočák
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: