Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.2.4
-
None
-
None
-
Web application where shiro should authorize a specific URL formore than 1 role
Description
My SHIRO.INI on URLS section:
[urls]
/rest/test/** = authcBasic, roles[admin,normal]
Unfortuntely Shiro can't read correctly the array of roles.
I think the bug is in StringUtils class int the method:
public static String[] split(String aLine, char delimiter, char beginQuoteChar, char endQuoteChar, boolean retainQuotes, boolean trimTokens)
At line 392 there is an IF stament:
} else if (c == delimiter && !inQuotes) {
I believe that the NOT in Quotes is wrong because it should read the token if it is inQuote.
Furthermore this method seems to be called with the argument "retainQuotes" set to TRUE. I thing, for RolesFilter should be called with FALSE