Have you actually tried it? It’s unusual but should work if I understand your example correctly
> On Mar 4, 2024, at 2:08 PM, Steinar Bang <s...@dod.no> wrote: > > If I have a shiro.ini like so: > > [main] > authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter > shiro.loginUrl = /login > shiro.unauthorizedUrl = /unauthorized > > [users] > > [urls] > / = anon > /api/** = anon > /album/** = authc > > Ie. /album/ requires a login. > > Is it then possible to programmatically add anon access to children of > /album/? > > I.e. can I programmatically do the equivalent of the following? > > [urls] > / = anon > /api/** = anon > /album/picture1 = anon > /album/picture2 = anon > /album/** = authc > > I have tried to google but I haven't found any examples of how to do > it. It should be possible since e.g. the shiro-jaxrs code does > something similar? > > Thanks! > > > - Steinar >
