>>>>> Brian Demers <brian.demers-re5jqeeqqe8avxtiumw...@public.gmane.org>:
> Cookies will get processed, but if you are using some other form of > header based auth they wouldn't be (unless you a corresponding filter > configured) In this case I'm thinking of what's set by the PassThruAuthenticationFilter when authenticating the frontend. Will enough what PassThruAuthenticationFilter sets get through the anon filter, to make the @RequireRoles or @RequirePermissions in shiro-jaxrs work? Thanks! - Steinar