Cookies will get processed, but if you are using some other form of header based auth they wouldn't be (unless you a corresponding filter configured)
On Tue, Dec 7, 2021 at 5:04 PM Steinar Bang <s...@dod.no> wrote: > > Question: > > when I do this: > > > [main] > > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > [snip!] > > [urls] > > /api/** = anon > > /** = authc, role[myapprole] > > don't I then use a different filter than PassThruAuthenticationFilter > for /api/? > > Can I do this and still use @RequiredPermission() and @RequiredRole() on > the resources? Or will the necessary cookie and headers not be present?
