I have a web application that has some web services and some account pages. When protected account pages are accessed it authenticates against CAS. That works fine.
If a webservice is invoked by the same application the rest service should not need authentication any more. However rest services are also exposed and I want authcBasic enabled on them if the client is not my own web app. So my question is how do I configure the /rest/** url so that it does not ask for authentication if it is being called from an authenticated CAS user but prompt for basic auth if the client is not my web app? Heres my shiro urls section config: [urls] /shiro-cas = casFilter /account/** = roles[ROLE_USER] /rest/** = authcBasic -- View this message in context: http://shiro-user.582556.n2.nabble.com/authcBasic-with-shiro-cas-tp7579708.html Sent from the Shiro User mailing list archive at Nabble.com.
