Question: when I do this:
> [main] > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter [snip!] > [urls] > /api/** = anon > /** = authc, role[myapprole] don't I then use a different filter than PassThruAuthenticationFilter for /api/? Can I do this and still use @RequiredPermission() and @RequiredRole() on the resources? Or will the necessary cookie and headers not be present?