Ok, I am glad it worked out.
> On Feb 8, 2024, at 1:50 PM, Steinar Bang <s...@dod.no> wrote: > >>>>>> Steinar Bang <sb-1rlz5cwd...@public.gmane.org>: > >> I'm using an OSGi Web Whiteboard component >> https://github.com/steinarb/oldalbum/blob/e8dbf374c6132694f0ad7c0d4026def355d5514e/oldalbum.web.api/src/main/java/no/priv/bang/oldalbum/web/api/OldAlbumWebApiServlet.java#L33 > >> that derives from JerseyServlet, which is written by me: >> https://github.com/steinarb/servlet/blob/9cce8e033e63a23585ddb868e5af5ec2a1ba9be0/servlet/servlet.jersey/src/main/java/no/priv/bang/servlet/jersey/JerseyServlet.java#L48 > >> which in turn derives from the Jersey ServletContainer class, and in the >> init() method adds injected OSGi services to the HK2 dependency >> injection container, so that they can be injected into JAX-RS resource >> classes: >> https://github.com/steinarb/servlet/blob/9cce8e033e63a23585ddb868e5af5ec2a1ba9be0/servlet/servlet.jersey/src/main/java/no/priv/bang/servlet/jersey/JerseyServlet.java#L85 > >> I have written this myself and figured I had a pretty good handle on how >> stuff is handled, but the JAX-RS Application and the >> Application.getClasses() methods are new to me. > > Ok, I've got it working by adding the following method to > OldAlbumWebApiServlet: > @Override > protected void init(WebConfig webConfig) throws ServletException { > super.init(webConfig); > var copyOfExistingConfig = new ResourceConfig(getConfiguration()); > copyOfExistingConfig.register(ShiroFeature.class); > reload(copyOfExistingConfig); > } > > The org.glassfish.jersey.server.ResourceConfig class extends the > javax.ws.rs.core.Application class. > > After this I got 401 from the Rest API endpoint after clearing cookies, > and 200 OK when logged in. > > I'll summarize with a new post on the 2 year old thread "Shiro: possible > to configure part of the unauthenticated URLs to return 401 instead > 302?" when I've finished. >