I'm having a problem configuring Apache Shiro to disable anonymous access to all pages except /js and /resources because that breaks the site design and layout before the user is logged in.
My current shiro-context.xml file has the following section:
/**=authc
/js/** =anon
/resources/** =anon
This will require authentication for all pages and redirect the user to the /login page, but as I previously said, it will break access to resource files. It's as if it doesn't pick up the 2nd and the 3rd lines instructing it to allow anon access.
Am I doing something wrong? Should I perhaps prefix the path to all secure pages with something like /secure/ and allow anonymous access to everything above that folder?
Ok, I got it to work.
Answer from the documentation:
Order Matters! URL path expressions are evaluated against an incoming request in the order they are defined and the FIRST MATCH WINS.
I restructured my definitions to look like this:
/js/** =anon
/resources/** =anon
/**=authc
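The ordering behaviour described in the answer above, as an added example that is not part of the original post and is not Shiro code: a small Python model of first-match-wins evaluation plus a lint that flags rules hidden behind an earlier pattern. The matcher is a simplified approximation of Ant-style patterns, and the function names are hypothetical.

```python
import re

def ant_to_regex(pattern):
    """Simplified Ant-style matcher (?, *, **); an approximation, not Shiro's own."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?")      # trailing /** covers the directory and everything below
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")       # * stays within one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_urls(text):
    """Parse 'pattern = filter' lines, keeping definition order."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            pattern, _, chain = line.partition("=")
            rules.append((pattern.strip(), chain.strip()))
    return rules

def first_match(rules, path):
    """Filter chain of the first rule that matches path, as in 'first match wins'."""
    return next((c for p, c in rules if ant_to_regex(p).match(path)), None)

def shadowed(rules):
    """Heuristic lint: (rule, earlier rule) pairs where the earlier rule claims the rule's sample path."""
    hits = []
    for idx, (pattern, _) in enumerate(rules):
        probe = pattern.replace("**", "x/y").replace("*", "x").replace("?", "x")
        earlier = next((p for p, _ in rules[:idx] if ant_to_regex(p).match(probe)), None)
        if earlier is not None:
            hits.append((pattern, earlier))
    return hits

# The two orderings from the question and the answer above.
BROKEN = parse_urls("/**=authc\n/js/** =anon\n/resources/** =anon")
FIXED = parse_urls("/js/** =anon\n/resources/** =anon\n/**=authc")
```

The same lint also catches the opposite mistake, where a broad anon pattern placed first would leave a later authc rule without effect.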