Hi, I'm using Apache Shiro in Karaf 4.0.7. Not sure if the problem I have is a Karaf related problem or just a Pax-Web related problem so I post in both foras.
Here is an extract of my Shiro ini file: [urls] /api/getCurrentUser = anon /login = authc /logout = logout /admin/** = authc The intention is that the first url (that is associated with "anon") should be allowed to access without a user being authenticated. When I deploy my application in Karaf, an HTTP status code 401 is returned and basic authentication is triggered in the browser. If I enter user=password=karaf then I get through. Does anyone have any idea why this happens? Is it so that if the url is not stopped by Shiro then it continues to a filter that Karaf/Pax-Web has set up that requires basic authentication? How can I get around this? /Bengt