Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-741

Matching of / (root) is broken

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.5.1
    • Web
    • None

    Description

      Since SHIRO-682 it is no longer possible match the root of your application with /** . A request at / is transformed into an empty URI and no longer matches /**. This makes it impossible to secure your entire application and provide a whitelist for allowed urls, like this:

      [urls]
      /rest/v1/openapi.* = noSessionCreation,anon
      /rest/v1/info = noSessionCreation,anon
      
      /** = noSessionCreation,oauth2,oauth,secured
      

      So far, I've found no way to match the root in 1.5.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              papegaaij Emond Papegaaij
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: