Sheesh, I think you are right :)
> On May 20, 2024, at 4:01 PM, Steinar Bang <s...@dod.no> wrote:
>
>>>>>> Steinar Bang <sb-1rlz5cwd...@public.gmane.org>:
>
>>>>>> lenny-5o6p1tln9c5dpfhejli6iq-xmd5yjdbdmrexy1tmh2...@public.gmane.org:
>>> Hi,
>>> I believe this will be fixed in 2.0.1
>>> See https://github.com/apache/shiro/issues/1383
>>> <https://github.com/apache/shiro/issues/1383> for details.
>
>> Ah, thanks!
>
>> I will hold off switching from 1.13.0 until 2.0.1 is out.
>
> Just tried a snapshot built from the current main and the fix still
> don't work for me: the test expecting 403 gets 401 and the test
> expecting 401 gets 403.
>
> The test expecting 403 uses a logged in user without the the required role:
> https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L127
>
> The test expecting 401 has no user logged in:
> https://github.com/steinarb/servlet/blob/master/servlet/servlet.jersey/src/test/java/no/priv/bang/servlet/jersey/JerseyServletTest.java#L147
>
> I put more info in a comment on issue 1383:
> https://github.com/apache/shiro/issues/1383#issuecomment-2121189462
>
