This post is a little old (dependency wise), but it should still be accurate.
See the bit about the "permissive" filter. https://stormpath.com/blog/protecting-jax-rs-resources-rbac-apache-shiro If you go this route, you will need to ensure you are checking access another way: annotation, another filter, etc. On Mon, Dec 6, 2021 at 11:20 AM Steinar Bang <s...@dod.no> wrote: > > Is it possible to configure a part of the URL space to return 401 > instead of 302 when unauthenticated? > > I would like to avoid 302 redirects for calls to the REST API. > > Thanks! > > > - Steinar
