  1. Shiro
  2. SHIRO-521

Allow specific permissions for wsdl / wadl & xsd


    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.2.2, 2.0.0
    • Fix Version/s: None
    • Component/s: Web
    • Labels: None

      Description

      ShiroFilterFactoryBean should have a setFilterChainResolver to allow overriding the PathMatchingFilterChainResolver being created in the createInstance method.

      I would like to allow wsdl, wadls and xsds for anon while the same URI

      <bean id="shiroFilter" class="com.railinc.shiro.spring.web.ShiroFilterFactoryBean">
        <property name="securityManager" ref="securityManager"/>
        <property name="pathWithParamMatchingFilterChainResolver" ref="pathWithParamMatchingFilterChainResolver"/>
        <property name="filterChainDefinitions">
          <value>
            <!-- allow access to wsdls, wadls and schemas -->
            /services/validation/r2009v1?_wadl = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?wsdl = noSessionCreation, anon
            <!-- replace = in the path with ? for the pattern matcher -->
            /services/soap/equipmentValidationService/r2009v1?xsd?../schemas/ExampleEquipmentValidation.xsd = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?xsd?./bindingMapping.xsd = noSessionCreation, anon
            /services/soap/equipmentValidationService/r2009v1?xsd?./ExampleRailincEquipment.xsd = noSessionCreation, anon
            /** = noSessionCreation, authcBasic
          </value>
        </property>
      </bean>

      Then I could extend PathMatchingFilterChainResolver as such

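      import javax.servlet.ServletRequest;
      import javax.servlet.http.HttpServletRequest;
      import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
      import org.apache.shiro.web.util.WebUtils;

      public class PathWithParamMatchingFilterChainResolver extends PathMatchingFilterChainResolver {

          // Match chain patterns against "path?query" instead of the path alone.
          @Override
          protected String getPathWithinApplication(ServletRequest request) {
              HttpServletRequest httpReq = WebUtils.toHttp(request);
              StringBuilder completeURI = new StringBuilder();
              completeURI.append(WebUtils.getPathWithinApplication(httpReq));
              // Raw (undecoded) query string; null when the request has none.
              String queryStr = httpReq.getQueryString();
              if (queryStr != null && !queryStr.isEmpty()) {
                  completeURI.append("?");
                  completeURI.append(queryStr);
              }
              return completeURI.toString();
          }
      }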


            People

            • Assignee: Unassigned
            • Reporter: Barry Knapp (knapp)
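To check what a query-aware resolver like the one proposed above would let through, the following added example (not part of the original issue and not Shiro project code) replays three of the issue's chain definitions through Shiro's `AntPathMatcher` in first-match order. The class name, the `matchKey` and `resolve` helpers, and the sample requests are constructed for illustration; it needs `shiro-core` on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

// Added illustration, not Shiro or reporter code: first-match chain lookup
// over path + "?" + query, using three of the issue's definitions.
public class QueryAwareChainCheck {

    static final AntPathMatcher MATCHER = new AntPathMatcher();
    static final String SOAP = "/services/soap/equipmentValidationService/r2009v1";

    // Declaration order matters: the first matching pattern wins.
    static final Map<String, String> CHAINS = new LinkedHashMap<>();
    static {
        CHAINS.put(SOAP + "?wsdl", "noSessionCreation, anon");
        CHAINS.put(SOAP + "?xsd?../schemas/ExampleEquipmentValidation.xsd",
                   "noSessionCreation, anon");
        CHAINS.put("/**", "noSessionCreation, authcBasic");
    }

    // Same string the proposed getPathWithinApplication() override would return.
    static String matchKey(String path, String query) {
        return (query == null || query.isEmpty()) ? path : path + "?" + query;
    }

    // Returns the filter list of the first chain whose pattern matches.
    static String resolve(String path, String query) {
        String key = matchKey(path, query);
        for (Map.Entry<String, String> chain : CHAINS.entrySet()) {
            if (MATCHER.matches(chain.getKey(), key)) {
                return chain.getValue();
            }
        }
        return "(no chain)";
    }

    public static void main(String[] args) {
        // Constructed requests: {path, raw query string}.
        String[][] requests = {
            {SOAP, "wsdl"},                                          // exact WSDL request
            {SOAP, "xsd=../schemas/ExampleEquipmentValidation.xsd"}, // '=' met by '?'
            {SOAP, null},                                            // service call, no query
            {SOAP, "wsdl&debug=1"},                                  // extra parameter
            {SOAP, "WSDL"},                                          // different case
            {SOAP + "Xwsdl", null},                                  // no query at all
        };
        for (String[] r : requests) {
            System.out.printf("%s -> %s%n", matchKey(r[0], r[1]), resolve(r[0], r[1]));
        }
    }
}
```

Because `?` in an Ant pattern matches any single character, the first, second and last requests resolve to the `anon` chain, while the plain service call and the requests with an extra parameter or different case fall through to `authcBasic`. A configuration like this is worth covering with a test of this kind so that every `anon` pattern is known to admit only the metadata requests intended.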
