I have nothing in web.xml, but shiro still bootstraps itself and protects resources defined in shiro.ini. Is this expected behavior?
If I add elements to web.xml along the lines of what is described here https://shiro.apache.org/web.html, I see no difference in how my web application is secured. This holds true on tomcat 9.0.30 and Google Cloud Platform App Engine. -- Sent from: http://shiro-user.582556.n2.nabble.com/
