Are you sure that spring is instantiating the annotated beans? (As opposed to your jaxrs provider) - that's probably the next thing that I would check. On Sep 26, 2013 4:25 PM, "davison" <[email protected]> wrote:
> Thanks for the reply! > > I hadn't come across the "[permissive]" bit in the filter, but looking > through the code there it seems that it pretty much unconditionally allows > everything with this mapping. I added it to my setup, and also added the > Spring beans to my context that according to the Shiro docs are required to > make the annotations work. But it just doesn't work for me. Anonymous is > permitted to execute the methods protected with the annotation and no > password is requested. > > Here's my security context now: > > <bean id="shiroFilter" > class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> > <property name="securityManager" ref="securityManager"/> > <property name="filterChainDefinitions"> > <value> > /index.* = anon > /static/* = anon > /api/** = authcBasic[permissive] > </value> > </property> > </bean> > > <bean id="securityManager" > class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> > <property name="realm"> > <bean class="org.apache.shiro.realm.text.PropertiesRealm"> > <property name="resourcePath" > value="classpath:shiro-realm.properties"></property> > </bean> > </property> > </bean> > > <bean id="lifecycleBeanPostProcessor" > class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> > <bean > > class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" > depends-on="lifecycleBeanPostProcessor"/> > <bean > > class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> > <property name="securityManager" ref="securityManager"/> > </bean> > > > Is there something else I'm missing? > > Best wishes, > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/REST-API-permissions-with-anonymous-usage-tp7579176p7579186.html > Sent from the Shiro User mailing list archive at Nabble.com. >
