Yes, my code is getting hit. In this order: 1. AuthenticatingFilter[createToken()] (return new BearerAuthenticationToken(clientId, accessToken);) 2. AuthorizingRealm[doGetAuthenticationInfo()] (return new BearerAuthenticationInfo(tokenInfoFromDatabase); 3. And then a IncorrectCredentialsException(msg) is thrown in AuthenticatingRealm.assertCredentialsMatch() when I enter invalid AccessToken
Then I receive this: HTTP POST http://localhost:8080/rest/api/v1/accounts access-token: A7aFoxCcacIwSJC8bKA_T4ai1f8IxCdz8J0dlPesOHwX Accept: application/json Content-Type: application/json Client-id: JohnSmith Content-Length: 2 Host: localhost:8080 {} 200 OK Date: Fri, 15 Aug 2014 10:26:31 GMT Content-Length: 0 Server: Apache-Coyote/1.1 (The POST-method: /rest/api/v1/accounts is not hit) Is there something I miss to Override for instance? I'm not using any caching for now. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Expected-HTTP-response-in-Apache-Shiro-when-auth-fails-tp7580148p7580154.html Sent from the Shiro User mailing list archive at Nabble.com.
