commit | b90f91875e5e18c4805013c2fa0567b1700f5a96 | [log] [tgz] |
---|---|---|
author | Brian Demers <bdemers@apache.org> | Tue Apr 07 15:56:56 2020 -0400 |
committer | Brian Demers <bdemers@apache.org> | Tue Apr 07 15:56:56 2020 -0400 |
tree | 9318b3d1e049bbabb2a7dc0ea1193112d949dc0a | |
parent | 4cf242d29552876ba09bc7e1ca0b841ba5ae4017 [diff] |
The context path is no longer used when determining the path application path Servlet-Path + Path-Info is used instead NOTE: some servlet containers will decode the context-path (Tomcat) and others will not (Jetty). Per the Servlet spect the servlet-path and path-info are always decoded. Shiro only makes decisions based on the application path, I.e. the request URI with the context-path removed, so we can just avoid dealing with it all together. `WebUtils.getRequestURI()` has been deprecated to reflect this, and the previous behavior restored (as there was an issue with double decoding the URL in SHIRO-753) Fixes: SHIRO-753
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application – from the smallest mobile applications to the largest web and enterprise applications.