The problem must be in your php application: do you send the session cookie received after authentication? When consuming secured resources you should follow those steps: 1. call login service; this should return a session cookie (look after 'Set-Cookie' header) 2. call secured resources and pass along the session cookie (using the 'Cookie' header)
Maybe this link will help: https://en.wikipedia.org/wiki/HTTP_cookie#Implementation On Mon, Jul 4, 2016 at 2:26 PM, thishani <[email protected]> wrote: > I have written some rest web services using dropwizard, integrated shiro with > it and annotated the JAX-RS resources with @RequiresAuthentication and > @RequiresRole("***"). The login in also written as a service. My services > are running on port 8585. I'm consuming these services from a php web > application running on port 80. I'm running the swagger UI on the same port > 8585 to test my services and it works perfectly fine. But when I consume my > services from the web app, the login is successful. But when I try to access > the secured resources, it gives me an 'Unauthorized Access' error. It seems > the session created at the login is valid no more. Can some body point out > what mistake am I doing? Is it because the services and the web app are > running on two different ports? Do I have to do any configurations with > ports? > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Secured-JAX-RS-Resources-Blocked-Even-After-Login-tp7581088.html > Sent from the Shiro User mailing list archive at Nabble.com.
