Support for extensionless urls?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Support for extensionless urls?

raupach
Hello group,

is there any support for filtering urls without looking at the extension? Maybe we have overlooked it.

In our use case we work with JavaServer Faces (JSF). In web.xml we map the JSF servlet to .jsf.

An example shiro.ini:

        [urls]
        /index.jsf = ssl, authBasic

You can bypass the JSF servlet *and* the Shiro Filter by requesting /index.xhtml.

The requesting party only gets the xhtml page, with all the JSF spaghetti included, but it won’t be processed.

It would be nice to declare /index = ssl, authBasic regardless of the extension.

Another option is a deny filter so I could have /index.xhtml = deny for example.

Any thoughts on this?

/Björn
Reply | Threaded
Open this post in threaded view
|

Re: Support for extensionless urls?

Brian Demers
The URLs are just ANT paths: https://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/AntPathMatcher.html

So something like this should work:

[urls]
/index* = ssl, authBasic

On Wed, Nov 2, 2016 at 11:30 AM, Björn Raupach <[hidden email]> wrote:
Hello group,

is there any support for filtering urls without looking at the extension? Maybe we have overlooked it.

In our use case we work with JavaServer Faces (JSF). In web.xml we map the JSF servlet to .jsf.

An example shiro.ini:

        [urls]
        /index.jsf = ssl, authBasic

You can bypass the JSF servlet *and* the Shiro Filter by requesting /index.xhtml.

The requesting party only gets the xhtml page, with all the JSF spaghetti included, but it won’t be processed.

It would be nice to declare /index = ssl, authBasic regardless of the extension.

Another option is a deny filter so I could have /index.xhtml = deny for example.

Any thoughts on this?

/Björn

Reply | Threaded
Open this post in threaded view
|

Re: Support for extensionless urls?

raupach
Hi Brian,

On 2 Nov 2016, at 16:56, Brian Demers <[hidden email]> wrote:

The URLs are just ANT paths: https://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/AntPathMatcher.html

So something like this should work:

[urls]
/index* = ssl, authBasic

Perfect! Works! Thank you very much


On Wed, Nov 2, 2016 at 11:30 AM, Björn Raupach <[hidden email]> wrote:
Hello group,

is there any support for filtering urls without looking at the extension? Maybe we have overlooked it.

In our use case we work with JavaServer Faces (JSF). In web.xml we map the JSF servlet to .jsf.

An example shiro.ini:

        [urls]
        /index.jsf = ssl, authBasic

You can bypass the JSF servlet *and* the Shiro Filter by requesting /index.xhtml.

The requesting party only gets the xhtml page, with all the JSF spaghetti included, but it won’t be processed.

It would be nice to declare /index = ssl, authBasic regardless of the extension.

Another option is a deny filter so I could have /index.xhtml = deny for example.

Any thoughts on this?

/Björn