Hi all,

I'm trying to use Shiro to secure a Jersey application. However, the @RequiresAuthentication and @RequiresUser annotations seem to be simply ignored. I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no other filters are defined. Login and session handling work fine. But when I call a method that uses those annotations, it is not checked whether the subject is authenticated. The method is called although SecurityUtils.getSubject().isAuthenticated() == false.

Basically my setup is similar to here: https://stackoverflow.com/questions/47548066/requiresroles-annotation-not-working-in-shiro

I'm just using Shiro 1.4.

Am I missing an essential part of the configuration?

Best,
Joerg
