How to declare multiple Un-authorized URL's in apache Shiro configuration

178 views Asked by At

I am trying out the Apache Shiro framework and I basically downloaded the setup from a project online. I managed to get it working but I am stuck at a really small issue. I want to make multiple JSF pages in my project to be accessed without any authorization.

The configuration currently looks something like:

authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter    
authc.loginUrl = /login.xhtml
roles.unauthorizedUrl = /login.xhtml

Now I would like to add one more page to roles.unnauthorizeddUrl i.e. signUp.xhtml

I tried

roles.unauthorizedUrl = /login.xhtml,/signUp.xhtml

but that doesnt work. Is there a way to declare multiple unauthorized URL's in the config.

1

There are 1 answers

1
Kiran Kumar On BEST ANSWER

The roles.unauthorizedUrl is the Url to which the user has to be redirected in case user tried to access the protected / unauthorized url. So you only add one such URL, otherwise ambiguity will be raised to the framework to which url to redirect.

If you want unprotect any url use the below config in [urls] section

/login.xhtml = anon
/sugnUp.xhtml = anon