Hi, I believe this will be fixed in 2.0.1 See https://github.com/apache/shiro/issues/1383 <https://github.com/apache/shiro/issues/1383> for details.
> On Apr 28, 2024, at 10:03 AM, Steinar Bang <s...@dod.no> wrote: > > I'm trying to switch from shiro 1.13.0 to shiro 2.0.0 and I'm running > into test failures in my tests of jersey JAX-RS resources. > > I am getting 401 Unauthorized responses where I'm expecting 403 > Forbidden (accessing rest endpoint with a logged in user without the > required role) and I'm getting UnauthenticatedException where I'm > expecting a 401 Unauthorized response. > > Here is an example test expecting 403 but getting 401: > https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L127 > > Here is an example test expecting 401 but getting UnauthenticatedException: > https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L147 > > Here is the shiro-jaxrs annotated jersey resource: > https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/test/resources/ProtectedHelloResource.java#L13 > > Is there a way for me to get the old behaviour? > > I.e. get the same behaviour I had with shiro-jaxrs for shiro 1.13.0? > > Thanks! > > > - Steinar >