Today, I've put debug statements on shiro and found that because of securityManager.sessionManager.sessionIdCookieEnabled = false, it is not able to get the subject. As it is failing to get the subject, it is going to org.apache.shiro.subject.Subject.AuthorizationFilter.onAccessDenied() and erroring out for invalid subject. I've took log for "sessionIdCookieEnabled = true" and "sessionIdCookieEnabled = false". I've attached the log and compare screen shots for your reference.
shiro_log-1.txt: with sessionIdCookieEnabled = false Shiro_log_wSession-1.txt: with sessionIdCookieEnabled = true <http://shiro-developer.582600.n2.nabble.com/file/n7578876/Screen_Shot_2016-02-17_at_9.png> shiro_log_wSession-1.txt <http://shiro-developer.582600.n2.nabble.com/file/n7578876/shiro_log_wSession-1.txt> shiro_log-1.txt <http://shiro-developer.582600.n2.nabble.com/file/n7578876/shiro_log-1.txt> -- View this message in context: http://shiro-developer.582600.n2.nabble.com/After-PassThruAuthentication-HTTP-404-Login-jsp-error-tp7578874p7578876.html Sent from the Shiro Developer mailing list archive at Nabble.com.
