It seems that if I comment away the following line in etc/system.properties then the basic authentication goes away:
*karaf.local.roles = admin,manager,viewer,systembundles* Not sure how this works. Would appreciate if someone could explain. /Bengt 2016-11-04 16:42 GMT+01:00 Bengt Rodehav <[email protected]>: > Hi, > > I'm using Apache Shiro in Karaf 4.0.7. Not sure if the problem I have is a > Karaf related problem or just a Pax-Web related problem so I post in both > foras. > > Here is an extract of my Shiro ini file: > > [urls] > /api/getCurrentUser = anon > /login = authc > /logout = logout > /admin/** = authc > > The intention is that the first url (that is associated with "anon") > should be allowed to access without a user being authenticated. > > When I deploy my application in Karaf, an HTTP status code 401 is returned > and basic authentication is triggered in the browser. If I enter > user=password=karaf then I get through. > > Does anyone have any idea why this happens? Is it so that if the url is > not stopped by Shiro then it continues to a filter that Karaf/Pax-Web has > set up that requires basic authentication? > > How can I get around this? > > /Bengt >
