I just realized that I also need to run some AOP processor in my build... I also found the following project which works nicely for Jersey applications, maybe something like this can be directly included in the ShiroFilter: https://github.com/silb/shiro-jersey
Best > Am 21.12.2017 um 14:13 schrieb Joerg Schoenfisch <[email protected]>: > > Hi all, > > I'm trying to use Shiro to secure a Jersey application. However, the > @RequiresAuthentication and @RequiresUser annotations seem to be simply > ignored. > I set up my web.xml as indicated in the JavaDoc for the ShiroFilter, no other > filters are defined. Login and session handling work fine. But when I call a > method that uses those annotations, it is not checked whether the subject is > authenticated. The method is called although > SecurityUtils.getSubject().isAuthenticated() == false. > Basically my setup is similar to here: > https://stackoverflow.com/questions/47548066/requiresroles-annotation-not-working-in-shiro > I'm just using Shiro 1.4 > > Am I missing an essential part of the configuration? > > > Best, > Joerg
signature.asc
Description: Message signed with OpenPGP
