Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-553

Parsing od roles filter on urls incorrect

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.4
    • Fix Version/s: None
    • Component/s: Configuration
    • Labels:
      None
    • Environment:
      Web application where shiro should authorize a specific URL formore than 1 role

      Description

      My SHIRO.INI on URLS section:

      [urls]
      /rest/test/** = authcBasic, roles[admin,normal]

      Unfortuntely Shiro can't read correctly the array of roles.

      I think the bug is in StringUtils class int the method:
      public static String[] split(String aLine, char delimiter, char beginQuoteChar, char endQuoteChar, boolean retainQuotes, boolean trimTokens)

      At line 392 there is an IF stament:

      } else if (c == delimiter && !inQuotes) {

      I believe that the NOT in Quotes is wrong because it should read the token if it is inQuote.

      Furthermore this method seems to be called with the argument "retainQuotes" set to TRUE. I thing, for RolesFilter should be called with FALSE

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              stocki Stock
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: