| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # INI configuration is very powerful and flexible, while still remaining succinct. |
| # Please http://shiro.apache.org/configuration.html and |
| # http://shiro.apache.org/web.html for more. |
| |
| [main] |
| shiro.loginUrl = /v1/login/check |
| |
| [users] |
| # format: username = password, role1, role2, ..., roleN |
| admin = admin,admin |
| guest = guest,guest |
| |
| [roles] |
| # format: roleName = permission1, permission2, ..., permissionN |
| admin = * |
| |
| [urls] |
| # The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but |
| # the 'authc' filter must still be specified for it so it can process that url's |
| # login submissions. It is 'smart' enough to allow those requests through as specified by the |
| # shiro.loginUrl above. |
| /v1/login/check = authc |
| /logout = logout |
| /index.html = authc |
| /home/css/** = anon |
| /home/js/** = anon |
| /home/** = authc |
| /v1/** = authc |
