Thanks for your response Brian.
I made the required changes in shiro.ini as below
[users]
root = secret, admin
guest = guest, guest
[roles]
admin = *
[urls]
/** = rest
I double checked the web.xml and it has the shiro listener configuration as
mentioned by you.
But the following code still can be accessed without any user pwd
@Path("/MyResource")
@RequiresRoles("admin")
public class MyResource {
@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getMyResource() {
return Response.status(Status.OK).entity("Here is my
resource").build();
}
}
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/rest-glassfish4-shiro-enabled-working-sample-tp7580135p7580137.html
Sent from the Shiro User mailing list archive at Nabble.com.
