Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
This issue was independently discovered by two different researchers: * Ruilin Yang of Tencent Security Xuanwu Lab * 淚笑 (leixiao)
