google-app-engine


Apache Shiro: Permission filter is validating last matched path


I am using Apache Shiro with Guice on Google App Engine.
The following filter chains are present in the configureShiroWeb() function:
    addFilterChain("/**/first/second/third/**", AUTHC_BASIC, config(REST, "X"));
    addFilterChain("/**/first/**", AUTHC_BASIC, config(REST, "Y"));
When a request is made for an API, e.g. example.appspot.com/v1/first/second/third, the first filter is bypassed and access is granted for a user with permission Y and not with X.
I am using the following Shiro- and Guice-related dependencies:
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-core</artifactId>
        <version>1.2.4</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-web</artifactId>
        <version>1.2.4</version>
    </dependency>
    <dependency>
        <groupId>org.apache.shiro</groupId>
        <artifactId>shiro-guice</artifactId>
        <version>1.2.4</version>
    </dependency>
    <dependency>
        <groupId>com.google.inject</groupId>
        <artifactId>guice</artifactId>
        <version>3.0</version>
    </dependency>
    <dependency>
        <groupId>com.google.inject.extensions</groupId>
        <artifactId>guice-servlet</artifactId>
        <version>3.0</version>
    </dependency>
    <dependency>
        <groupId>com.google.inject.extensions</groupId>
        <artifactId>guice-multibindings</artifactId>
        <version>3.0</version>
    </dependency>
    <dependency>
        <groupId>com.sun.jersey.contribs</groupId>
        <artifactId>jersey-guice</artifactId>
        <version>1.8</version>
    </dependency>
Upgrade Shiro. If you are still running into this issue, let us know.
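An added example, not part of the original post or of Shiro's own code: a small check that lists which of the two chain patterns from the question match the request path, using Shiro's AntPathMatcher from shiro-core. The class name ChainOverlapCheck and the helper matchingPatterns are hypothetical, and the check assumes the chains are meant to be evaluated in declaration order with the first match applied.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.util.AntPathMatcher;

// Hypothetical helper class: audits a set of filter-chain patterns for overlap.
public class ChainOverlapCheck {

    // Returns every configured pattern that matches the path, in declaration order.
    static List<String> matchingPatterns(Map<String, String> chains, String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        List<String> hits = new ArrayList<String>();
        for (String pattern : chains.keySet()) {
            if (matcher.matches(pattern, path)) {
                hits.add(pattern);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Patterns and required permissions from the question, in declaration order.
        // LinkedHashMap keeps that order; a plain HashMap would not.
        Map<String, String> chains = new LinkedHashMap<String, String>();
        chains.put("/**/first/second/third/**", "X");
        chains.put("/**/first/**", "Y");

        // Request path from the question (host removed).
        String path = "/v1/first/second/third";

        List<String> hits = matchingPatterns(chains, path);
        for (String pattern : hits) {
            System.out.println(pattern + " matches, requires permission " + chains.get(pattern));
        }
        if (hits.size() > 1) {
            // More than one chain can apply, so evaluation order decides which
            // permission is enforced for this path.
            System.out.println("Overlap on " + path + ": expected chain is "
                    + hits.get(0) + " (permission " + chains.get(hits.get(0)) + ")");
        } else if (hits.isEmpty()) {
            System.out.println("No chain matches " + path + ": request would be unprotected");
        }
    }
}
```

When more than one pattern matches, keep an integration test that sends the request as a user holding only permission Y and asserts it is denied, and rerun it after each Shiro upgrade.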
