Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Invalid
-
1.2.1
-
None
-
Win 7, Glassfish 3.1.2.2 or Tomcat 7
Description
Sample CAS server configuration as it was described in http://shiro.apache.org/cas.html (Complete configuration sample) doesn't require authentication for welcome files defined in web.xml.
INI configuration [urls]:
/shiro-cas = casFilter
/protected/** = roles[ROLE_USER]
/** = anon
web.xml:
<welcome-file-list>
<welcome-file>protected/index.xhtml</welcome-file>
</welcome-file-list>
When I access URL localhost:8080/shiro-cas/protected/index.xhtml shiro correctly redirects me to CAS server for authentication.
But if I access localhost:8080/shiro-cas/, application redirects me to specified welcome file /protected/index.xhtml without authentication.