hi, the potential threat found when use shiro filter.
in spring web, the requestURI : /resource/menus and resource/menus/ both can access the resource,
but the pathPattern match /resource/menus can not match resource/menus/
user can use requestURI + "/" to simply bypassed chain filter, to bypassed shiro protect
- is related to
KNOX-2221 Upgrade shiro to 1.5.3
- links to