I am trying out the Apache Shiro framework and I basically downloaded the setup from a project online. I managed to get it working but I am stuck at a really small issue. I want to make multiple JSF pages in my project to be accessed without any authorization.
The configuration currently looks something like:
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /login.xhtml
roles.unauthorizedUrl = /login.xhtml
Now I would like to add one more page to roles.unnauthorizeddUrl i.e. signUp.xhtml
I tried
roles.unauthorizedUrl = /login.xhtml,/signUp.xhtml
but that doesnt work. Is there a way to declare multiple unauthorized URL's in the config.
The
roles.unauthorizedUrlis the Url to which the user has to be redirected in case user tried to access the protected / unauthorized url. So you only add one such URL, otherwise ambiguity will be raised to the framework to which url to redirect.If you want unprotect any url use the below config in
[urls]section