Filter problem with Shiro 1.5.0/Spring 5.2.3

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Filter problem with Shiro 1.5.0/Spring 5.2.3

ry99
Hi All...I'm having trouble upgrading to Shiro 1.5.0 from 1.4.2 in my Spring
application. This code works in 1.4.2, but seems to fail in 1.5.0:
@Beanpublic ShiroFilterFactoryBean shiroFilter() { ShiroFilterFactoryBean
filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setLoginUrl( "/login" ); filterFactoryBean.setSuccessUrl(
"/login" ); filterFactoryBean.setUnauthorizedUrl( "/fail" );
filterFactoryBean.setSecurityManager( manager );
filterFactoryBean.getFilters().put( "cors", new CorsFilter( corsorigins ) );
filterFactoryBean.getFilters().put( "jwt", jwt ); Map<String, String> map =
new HashMap<>(); map.put( "/", "cors, anon" ); map.put( "/logout", "cors,
logout" ); map.put( "/login", "cors, noSessionCreation, jwt" ); map.put(
"/**", "cors, noSessionCreation, jwt" );
filterFactoryBean.setFilterChainDefinitionMap( map ); return
filterFactoryBean;}
The problem seems to be in PreMatchingFilterChainResolver::getChain's
handling of the "/" mapping...it removes the trailing path separator, which
in this case is the entire path. Thus, when the chain name is later checked,
we end up checking an empty string against "/", which throws an exception.
What should I do here?



--
Sent from: http://shiro-user.582556.n2.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Filter problem with Shiro 1.5.0/Spring 5.2.3

Brian Demers
A release for 1.5.1 is underway, which contains a fix for this

On Tue, Feb 18, 2020 at 10:27 AM ry99 <[hidden email]> wrote:
Hi All...I'm having trouble upgrading to Shiro 1.5.0 from 1.4.2 in my Spring
application. This code works in 1.4.2, but seems to fail in 1.5.0:
@Beanpublic ShiroFilterFactoryBean shiroFilter() {      ShiroFilterFactoryBean
filterFactoryBean = new ShiroFilterFactoryBean();
filterFactoryBean.setLoginUrl( "/login" );      filterFactoryBean.setSuccessUrl(
"/login" );     filterFactoryBean.setUnauthorizedUrl( "/fail" );
filterFactoryBean.setSecurityManager( manager );
filterFactoryBean.getFilters().put( "cors", new CorsFilter( corsorigins ) );
filterFactoryBean.getFilters().put( "jwt", jwt );       Map<String, String> map =
new HashMap<>();        map.put( "/", "cors, anon" );   map.put( "/logout", "cors,
logout" );      map.put( "/login", "cors, noSessionCreation, jwt" );    map.put(
"/**", "cors, noSessionCreation, jwt" );
filterFactoryBean.setFilterChainDefinitionMap( map );   return
filterFactoryBean;}
The problem seems to be in PreMatchingFilterChainResolver::getChain's
handling of the "/" mapping...it removes the trailing path separator, which
in this case is the entire path. Thus, when the chain name is later checked,
we end up checking an empty string against "/", which throws an exception.
What should I do here?



--
Sent from: http://shiro-user.582556.n2.nabble.com/