Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-741

Matching of / (root) is broken

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.5.1
    • Web
    • None

    Description

      Since SHIRO-682 it is no longer possible match the root of your application with /** . A request at / is transformed into an empty URI and no longer matches /**. This makes it impossible to secure your entire application and provide a whitelist for allowed urls, like this:

      [urls]
/rest/v1/openapi.* = noSessionCreation,anon
/rest/v1/info = noSessionCreation,anon

/** = noSessionCreation,oauth2,oauth,secured

      So far, I've found no way to match the root in 1.5.

      Attachments

        Issue Links

          is fixed by

          Bug - A problem which impairs or prevents the functions of the product. SHIRO-742 fix throw exception when request uri is /

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              papegaaij Emond Papegaaij
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: