Made a patch release yesterday with a fix, use 0.2.2 or 0.3.1, see http://tynamo.org/tapestry-security+guide
Kalle

On Fri, Feb 4, 2011 at 7:56 PM, Kalle Korhonen <kalle.o.korho...@gmail.com> wrote:
> Sorry for being a bit late to the party. Thanks Barry for reporting
> and already proposing a patch. Yes, it really seems it's a feature of
> Shiro. I do find it a bit funny though (yes, I'm a Shiro committer
> but haven't been on board from the beginning) that it's the default
> behavior and that there's no configurable option to make it case
> insensitive even if this is never an issue if your resource urls are
> case sensitive. Regardless, Tapestry treating urls as case insensitive
> makes this a bug in tapestry-security. Lowercasing all urls repeatedly
> incurs a performance penalty, so I'll make this configurable (you may
> have url normalizers etc. running in front of Tapestry app). I'll open
> an issue against Shiro, but will have a fix for tapestry-security
> available sooner than that. The turn-around time for modifying and
> releasing tap-sec is quite a bit faster than for Shiro. And just a
> note on annotations vs url matching - I always suggest using both if
> you are serious about security.
>
> Kalle
>
>
> On Fri, Feb 4, 2011 at 4:32 AM, Barry Books <trs...@gmail.com> wrote:
>> First I'd like to say the Tynamo-Security/Shiro package is great, but
>> I've run into a simple problem I'm not sure how to solve. I don't
>> think it's really a Tynamo problem but an interaction between how
>> Shiro expects URLs to work and Tapestry case insensitive URLs. I was
>> working on a simple site with an admin account and an admin directory
>> so I added the following to the shiro.ini file:
>>
>> [urls]
>> /admin/** = authc, roles[administrator]
>>
>> The problem is if you go to /Admin the authentication is bypassed
>> because /admin != /Admin. I realize this is a feature but it does not
>> seem very desirable. I also realize I could annotate all my admin
>> pages and fix this but that's some amount of work and error prone. I
>> looked through the Shiro docs and I don't see any way to do a case
>> insensitive match. I thought I might be able to fix this with a
>> URLRewriter and map /Admin to /admin but that does not seem to work
>> either.
>>
>> Am I missing something? Is there any simple way to resolve this?
>>
>> Thanks
>> Barry
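
The mismatch Barry describes and the lowercasing approach Kalle mentions, as an added Java example that is not part of the thread and is not Shiro's or tapestry-security's code. The class, `matches` and `chainFor` are hypothetical names, and the matcher is a simplified stand-in for Ant-style matching that handles only exact paths and a trailing `/**`.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class CaseInsensitiveChainDemo {
    // Constructed rule table mirroring the [urls] entry quoted in the thread.
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static { RULES.put("/admin/**", "authc, roles[administrator]"); }

    // Simplified stand-in matcher (assumption): exact paths and a trailing "/**" only.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Returns the filter chain for a path, or null when no rule applies,
    // meaning the request would reach the page without authc/roles checks.
    static String chainFor(String path, boolean lowercaseFirst) {
        // Locale.ROOT avoids locale-specific case mappings when normalizing.
        String candidate = lowercaseFirst ? path.toLowerCase(Locale.ROOT) : path;
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            String pattern = lowercaseFirst
                    ? rule.getKey().toLowerCase(Locale.ROOT) : rule.getKey();
            if (matches(pattern, candidate)) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths; Tapestry would resolve the first three to the same pages.
        String[] paths = {"/admin/users", "/Admin/users", "/ADMIN", "/index"};
        for (String path : paths) {
            System.out.printf("%-14s case-sensitive=%-30s normalized=%s%n",
                    path, chainFor(path, false), chainFor(path, true));
        }
    }
}
```

With case-sensitive matching only `/admin/users` gets the `authc, roles[administrator]` chain; with both sides lowercased, all three admin variants do and `/index` stays unfiltered.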