  1. Dev - Nexus Repo
  2. NEXUS-5651

Anonymous user (or disabled security) not happy with shiro annotations

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.4
    • Fix Version/s: 2.5
    • Component/s: REST, Security
    • Labels:
      None

      Description

      Cannot access shiro protected jersey resources using anonymous user (or disabled security):

      This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.

      Also, those resources cannot be accessed using wget/restclient/curl even if I did provide auth as user/pass. Not basic, not digest.

            People

            Assignee:
            Unassigned
            Reporter:
            Alin Dreghiciu
            Last Updated By:
            Peter Lynch
            Votes:
            0
            Watchers:
            4
