Hi Jared, I'm confused - the authcBasic filter deals with authentication via the HTTP BASIC authentication protocol, and doesn't deal with authorization. Using it basically means "the user must be authenticated to visit this URL. If not, require authentication via the HTTP BASIC protocol."
Authentication and Authorization are orthogonal concepts. What are you trying to achieve? Regards, -- Les Hazlewood Founder, Katasoft, Inc. Application Security Products & Professional Apache Shiro Support and Training: http://www.katasoft.com On Fri, Jan 21, 2011 at 9:14 AM, Jared Bunting <[email protected]> wrote: > Currently it appears that when using the authcBasic filter, users are > required to login. Is there any simple way to eliminate this requirement, > allowing users access (and doing authorization in the service layer) and > only sending the challenge if an "UnauthenticatedException" is thrown? > > Thanks, > Jared
