It is possible. Take a look at this one: https://github.com/apache/shiro/blob/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java#L187
Make sure your filter is returning false on failure. On Fri, Aug 15, 2014 at 6:34 AM, flindby <[email protected]> wrote: > Yes, my code is getting hit. In this order: > > 1. AuthenticatingFilter[createToken()] (return new > BearerAuthenticationToken(clientId, accessToken);) > 2. AuthorizingRealm[doGetAuthenticationInfo()] (return new > BearerAuthenticationInfo(tokenInfoFromDatabase); > 3. And then a IncorrectCredentialsException(msg) is thrown in > AuthenticatingRealm.assertCredentialsMatch() when I enter invalid > AccessToken > > Then I receive this: > > HTTP POST http://localhost:8080/rest/api/v1/accounts > access-token: A7aFoxCcacIwSJC8bKA_T4ai1f8IxCdz8J0dlPesOHwX > Accept: application/json > Content-Type: application/json > Client-id: JohnSmith > Content-Length: 2 > Host: localhost:8080 > {} > > 200 OK > Date: Fri, 15 Aug 2014 10:26:31 GMT > Content-Length: 0 > Server: Apache-Coyote/1.1 > > > (The POST-method: /rest/api/v1/accounts is not hit) > > Is there something I miss to Override for instance? I'm not using any > caching for now. > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148p7580154.html > Sent from the Shiro User mailing list archive at Nabble.com. >
