[Bug] stdlib java httpclient returns an exception on some shiro.ini setups when authenticated but not authorized

[OyvindLGjesdal]

Search before asking

• I had searched in the issues and found no similar issues.

Environment

I am trying to use Shiro from within Apache Jena Fuseki. I tried to work on some the shiro.ini examples and have made a test case apache/jena@main...OyvindLGjesdal:jena:shiro access_userPassword_group()

example-shiro.ini:

# Licensed under the terms of http://www.apache.org/licenses/LICENSE-2.0

[main]
plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher

[roles]
admin=*

[users]
admin=pw,admin
user1=passwd1,user

[urls]
/$/ping = authcBasic,roles[admin]
/ds = authcBasic,roles[user]
/** = anon

I have searched within the Jena source code and believe that the issue could be in shiro.

Shiro version

2.0.4

What was the actual outcome?

The test (and the stdlib httpclient) throws an exception:

org.apache.jena.atlas.web.HttpException: GET http://localhost:64791/$/ping

	at org.apache.jena.http.HttpLib.executeJDK(HttpLib.java:654)
	at org.apache.jena.http.auth.AuthLib.authExecute(AuthLib.java:54)
	at org.apache.jena.http.HttpLib.execute(HttpLib.java:600)
	at org.apache.jena.http.HttpLib.execute(HttpLib.java:557)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:122)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:116)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:111)
	at org.apache.jena.fuseki.mod.shiro.TestModShiro.access_userPassword_group(TestModShiro.java:260)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
Caused by: java.io.IOException: WWW-Authenticate header missing for response

What was the expected outcome?

I would expect a 403 forbidden since the user is logged in but unauthorized.

If a 401 is returned I would expect a WWW-authenticate header

A 401 Unauthorized is similar to the 403 Forbidden response, except that a 403 is returned when a request contains valid credentials, but the client does not have permissions to perform a certain action.

How to reproduce

I did make some initial attempts at creating a test case from within shiro, but didn't find out exactly how to proceed. Hoping that the test I wrote for Jena can help debug, or show that it is my error as a user: apache/jena@main...OyvindLGjesdal:jena:shiro

Debug logs

/Users/oyvindlgjesdal/Library/Java/JavaVirtualMachines/corretto-21.0.7/Contents/Home/bin/java -javaagent:/Users/oyvindlgjesdal/Library/Caches/JetBrains/IntelliJIdea2025.1/captureAgent/debugger-agent.jar=file:///var/folders/9w/zn9rq6j50v9bhlhkb0l0l8hc0000gn/T/capture7731414279054027464.props -ea -Didea.test.cyclic.buffer.size=1048576 -javaagent:/Users/oyvindlgjesdal/Applications/IntelliJ IDEA Ultimate.app/Contents/lib/idea_rt.jar=64782 -Dkotlinx.coroutines.debug.enable.creation.stack.trace=false -Ddebugger.agent.enable.coroutines=true -Dkotlinx.coroutines.debug.enable.flows.stack.trace=true -Dkotlinx.coroutines.debug.enable.mutable.state.flows.stack.trace=true -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.stderr.encoding=UTF-8 -classpath /Users/oyvindlgjesdal/Applications/IntelliJ IDEA Ultimate.app/Contents/lib/idea_rt.jar:/Users/oyvindlgjesdal/Applications/IntelliJ IDEA Ultimate.app/Contents/plugins/junit/lib/junit5-rt.jar:/Users/oyvindlgjesdal/Applications/IntelliJ IDEA Ultimate.app/Contents/plugins/junit/lib/junit-rt.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-main/target/test-classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-main/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-core/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-rdfpatch/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-shacl/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-shex/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-tdb1/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-tdb2/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-db/jena-dboe-storage/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-db/jena-dboe-trans-data/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-db/jena-dboe-transaction/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-db/jena-dboe-base/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-db/jena-dboe-index/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-rdfconnection/target/classes:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-fileupload2-jakarta-servlet6/2.0.0-M2/commons-fileupload2-jakarta-servlet6-2.0.0-M2.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-fileupload2-core/2.0.0-M2/commons-fileupload2-core-2.0.0-M2.jar:/Users/oyvindlgjesdal/.m2/repository/commons-io/commons-io/2.19.0/commons-io-2.19.0.jar:/Users/oyvindlgjesdal/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.1.0/jakarta.servlet-api-6.1.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar:/Users/oyvindlgjesdal/.m2/repository/io/micrometer/micrometer-core/1.15.0/micrometer-core-1.15.0.jar:/Users/oyvindlgjesdal/.m2/repository/io/micrometer/micrometer-commons/1.15.0/micrometer-commons-1.15.0.jar:/Users/oyvindlgjesdal/.m2/repository/io/micrometer/micrometer-observation/1.15.0/micrometer-observation-1.15.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/hdrhistogram/HdrHistogram/2.2.2/HdrHistogram-2.2.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/latencyutils/LatencyUtils/2.0.3/LatencyUtils-2.0.3.jar:/Users/oyvindlgjesdal/.m2/repository/io/micrometer/micrometer-registry-prometheus/1.15.0/micrometer-registry-prometheus-1.15.0.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-core/1.3.6/prometheus-metrics-core-1.3.6.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-model/1.3.6/prometheus-metrics-model-1.3.6.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-config/1.3.6/prometheus-metrics-config-1.3.6.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-tracer-common/1.3.6/prometheus-metrics-tracer-common-1.3.6.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-exposition-formats/1.3.6/prometheus-metrics-exposition-formats-1.3.6.jar:/Users/oyvindlgjesdal/.m2/repository/io/prometheus/prometheus-metrics-exposition-textformats/1.3.6/prometheus-metrics-exposition-textformats-1.3.6.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-core/target/test-classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-access/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-cmds/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-core/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-base/target/classes:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-csv/1.14.0/commons-csv-1.14.0.jar:/Users/oyvindlgjesdal/.m2/repository/commons-codec/commons-codec/1.18.0/commons-codec-1.18.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-compress/1.27.1/commons-compress-1.27.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-collections4/4.5.0/commons-collections4-4.5.0.jar:/Users/oyvindlgjesdal/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.2.0/caffeine-3.2.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar:/Users/oyvindlgjesdal/.m2/repository/com/github/andrewoma/dexx/collection/0.7/collection-0.7.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-iri/target/classes:/Users/oyvindlgjesdal/.m2/repository/org/roaringbitmap/RoaringBitmap/1.3.0/RoaringBitmap-1.3.0.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-arq/target/classes:/Users/oyvindlgjesdal/.m2/repository/com/google/code/gson/gson/2.13.1/gson-2.13.1.jar:/Users/oyvindlgjesdal/.m2/repository/com/google/errorprone/error_prone_annotations/2.38.0/error_prone_annotations-2.38.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.17/jcl-over-slf4j-2.0.17.jar:/Users/oyvindlgjesdal/.m2/repository/com/apicatalog/titanium-json-ld/1.6.0/titanium-json-ld-1.6.0.jar:/Users/oyvindlgjesdal/.m2/repository/com/apicatalog/titanium-jcs/1.0.0/titanium-jcs-1.0.0.jar:/Users/oyvindlgjesdal/.m2/repository/com/apicatalog/titanium-rdf-api/1.0.0/titanium-rdf-api-1.0.0.jar:/Users/oyvindlgjesdal/.m2/repository/com/apicatalog/titanium-rdf-n-quads/1.0.0/titanium-rdf-n-quads-1.0.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/glassfish/jakarta.json/2.0.1/jakarta.json-2.0.1.jar:/Users/oyvindlgjesdal/.m2/repository/com/google/protobuf/protobuf-java/4.31.0/protobuf-java-4.31.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/thrift/libthrift/0.21.0/libthrift-0.21.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-iri3986/target/classes:/Users/oyvindlgjesdal/repos/apache/jena/jena-langtag/target/classes:/Users/oyvindlgjesdal/.m2/repository/commons-cli/commons-cli/1.9.0/commons-cli-1.9.0.jar:/Users/oyvindlgjesdal/repos/apache/jena/jena-fuseki2/jena-fuseki-ui/target/classes:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/ee10/jetty-ee10-servlet/12.0.21/jetty-ee10-servlet-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-server/12.0.21/jetty-server-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-session/12.0.21/jetty-session-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/ee10/jetty-ee10-servlets/12.0.21/jetty-ee10-servlets-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-http/12.0.21/jetty-http-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-io/12.0.21/jetty-io-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-util/12.0.21/jetty-util-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-security/12.0.21/jetty-security-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/eclipse/jetty/jetty-xml/12.0.21/jetty-xml-12.0.21.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-core/2.0.4/shiro-core-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-lang/2.0.4/shiro-lang-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-cache/2.0.4/shiro-cache-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-crypto-hash/2.0.4/shiro-crypto-hash-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-crypto-core/2.0.4/shiro-crypto-core-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.80/bcprov-jdk18on-1.80.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/crypto/shiro-hashes-argon2/2.0.4/shiro-hashes-argon2-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/crypto/shiro-hashes-bcrypt/2.0.4/shiro-hashes-bcrypt-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-crypto-cipher/2.0.4/shiro-crypto-cipher-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-config-core/2.0.4/shiro-config-core-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-config-ogdl/2.0.4/shiro-config-ogdl-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/commons-beanutils/commons-beanutils/1.10.1/commons-beanutils-1.10.1.jar:/Users/oyvindlgjesdal/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-event/2.0.4/shiro-event-2.0.4.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/shiro/shiro-web/2.0.4/shiro-web-2.0.4-jakarta.jar:/Users/oyvindlgjesdal/.m2/repository/org/owasp/encoder/encoder/1.3.1/encoder-1.3.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/vintage/junit-vintage-engine/5.12.2/junit-vintage-engine-5.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-engine/1.12.2/junit-platform-engine-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/opentest4j/opentest4j/1.3.0/opentest4j-1.3.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-commons/1.12.2/junit-platform-commons-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/junit/junit/4.13.2/junit-4.13.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:/Users/oyvindlgjesdal/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/jupiter/junit-jupiter/5.12.2/junit-jupiter-5.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.12.2/junit-jupiter-api-5.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.12.2/junit-jupiter-engine-5.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.12.2/junit-jupiter-params-5.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-suite/1.12.2/junit-platform-suite-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-suite-api/1.12.2/junit-platform-suite-api-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-suite-engine/1.12.2/junit-platform-suite-engine-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-suite-commons/1.12.2/junit-platform-suite-commons-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/junit/platform/junit-platform-launcher/1.12.2/junit-platform-launcher-1.12.2.jar:/Users/oyvindlgjesdal/.m2/repository/org/awaitility/awaitility/4.3.0/awaitility-4.3.0.jar:/Users/oyvindlgjesdal/.m2/repository/org/hamcrest/hamcrest/2.1/hamcrest-2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/logging/log4j/log4j-slf4j2-impl/2.24.3/log4j-slf4j2-impl-2.24.3.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/logging/log4j/log4j-api/2.24.3/log4j-api-2.24.3.jar:/Users/oyvindlgjesdal/.m2/repository/org/apache/logging/log4j/log4j-core/2.24.3/log4j-core-2.24.3.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/js/js-scriptengine/24.2.1/js-scriptengine-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/polyglot/polyglot/24.2.1/polyglot-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/sdk/collections/24.2.1/collections-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/sdk/nativeimage/24.2.1/nativeimage-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/sdk/word/24.2.1/word-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/js/js-language/24.2.1/js-language-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/regex/regex/24.2.1/regex-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/truffle/truffle-api/24.2.1/truffle-api-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/shadowed/icu4j/24.2.1/icu4j-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/shadowed/xz/24.2.1/xz-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/truffle/truffle-runtime/24.2.1/truffle-runtime-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/sdk/jniutils/24.2.1/jniutils-24.2.1.jar:/Users/oyvindlgjesdal/.m2/repository/org/graalvm/truffle/truffle-compiler/24.2.1/truffle-compiler-24.2.1.jar com.intellij.rt.junit.JUnitStarter -ideVersion5 -junit5 org.apache.jena.fuseki.mod.shiro.TestModShiro,access_userPassword_group
21:59:27 DEBUG ResourceUtils :: Opening file [testing/Shiro/shiro_user_group_password.ini]...
21:59:27 INFO  EnvironmentLoader :: Starting Shiro environment initialization.
21:59:27 DEBUG IniWebEnvironment :: Checking any specified config locations.
21:59:27 DEBUG ResourceUtils :: Opening file [testing/Shiro/shiro_user_group_password.ini]...
21:59:27 DEBUG Ini        :: Parsing [main]
21:59:27 DEBUG Ini        :: Parsing [roles]
21:59:27 DEBUG Ini        :: Parsing [users]
21:59:27 DEBUG Ini        :: Parsing [urls]
21:59:27 DEBUG IniFactorySupport :: Creating instance from Ini [sections=main,roles,users,urls]
21:59:27 DEBUG IniRealm   :: Discovered the [roles] section.  Processing...
21:59:27 DEBUG IniRealm   :: Discovered the [users] section.  Processing...
21:59:27 DEBUG IniFactorySupport :: Creating instance from Ini [sections=main,roles,users,urls]
21:59:27 DEBUG DefaultFilterChainManager :: Creating chain [/$/ping] with global filters [invalidRequest] and from String definition [authcBasic,roles[admin]]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/$/ping] to filter [invalidRequest] with config [null]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/$/ping] to filter [authcBasic] with config [null]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/$/ping] to filter [roles] with config [admin]
21:59:27 DEBUG DefaultFilterChainManager :: Creating chain [/ds] with global filters [invalidRequest] and from String definition [authcBasic,roles[user]]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/ds] to filter [invalidRequest] with config [null]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/ds] to filter [authcBasic] with config [null]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/ds] to filter [roles] with config [user]
21:59:27 DEBUG DefaultFilterChainManager :: Creating chain [/**] with global filters [invalidRequest] and from String definition [anon]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/**] to filter [invalidRequest] with config [null]
21:59:27 DEBUG DefaultFilterChainManager :: Attempting to apply path [/**] to filter [anon] with config [null]
21:59:27 DEBUG EnvironmentLoader :: Published WebEnvironment as ServletContext attribute with name [org.apache.shiro.web.env.EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY]
21:59:27 INFO  EnvironmentLoader :: Shiro environment initialized in 63 ms.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG BasicHttpAuthenticationFilter :: Attempting to execute login with auth header
21:59:28 DEBUG AuthenticatingRealm :: Looked up AuthenticationInfo [user1] from doGetAuthenticationInfo
21:59:28 DEBUG AuthenticatingRealm :: AuthenticationInfo caching is disabled for info [user1].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].
21:59:28 DEBUG SimpleCredentialsMatcher :: Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
21:59:28 DEBUG SimpleCredentialsMatcher :: Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
21:59:28 DEBUG AbstractAuthenticator :: Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].  Returned account [user1]
21:59:28 DEBUG SimpleCookie :: Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 16-Jul-2025 19:59:28 GMT; SameSite=lax]
21:59:28 DEBUG AbstractRememberMeManager :: AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG BasicHttpAuthenticationFilter :: Attempting to execute login with auth header
21:59:28 DEBUG AuthenticatingRealm :: Looked up AuthenticationInfo [user1] from doGetAuthenticationInfo
21:59:28 DEBUG AuthenticatingRealm :: AuthenticationInfo caching is disabled for info [user1].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].
21:59:28 DEBUG SimpleCredentialsMatcher :: Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
21:59:28 DEBUG SimpleCredentialsMatcher :: Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
21:59:28 DEBUG AbstractAuthenticator :: Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].  Returned account [user1]
21:59:28 DEBUG SimpleCookie :: Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 16-Jul-2025 19:59:28 GMT; SameSite=lax]
21:59:28 DEBUG AbstractRememberMeManager :: AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG BasicHttpAuthenticationFilter :: Attempting to execute login with auth header
21:59:28 DEBUG AuthenticatingRealm :: Looked up AuthenticationInfo [admin] from doGetAuthenticationInfo
21:59:28 DEBUG AuthenticatingRealm :: AuthenticationInfo caching is disabled for info [admin].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false (127.0.0.1)].
21:59:28 DEBUG SimpleCredentialsMatcher :: Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
21:59:28 DEBUG SimpleCredentialsMatcher :: Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
21:59:28 DEBUG AbstractAuthenticator :: Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false (127.0.0.1)].  Returned account [admin]
21:59:28 DEBUG SimpleCookie :: Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 16-Jul-2025 19:59:28 GMT; SameSite=lax]
21:59:28 DEBUG AbstractRememberMeManager :: AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG HttpAuthenticationFilter :: Authentication required: sending 401 Authentication challenge response.
21:59:28 DEBUG BasicHttpAuthenticationFilter :: Attempting to execute login with auth header
21:59:28 DEBUG AuthenticatingRealm :: Looked up AuthenticationInfo [user1] from doGetAuthenticationInfo
21:59:28 DEBUG AuthenticatingRealm :: AuthenticationInfo caching is disabled for info [user1].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].
21:59:28 DEBUG SimpleCredentialsMatcher :: Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
21:59:28 DEBUG SimpleCredentialsMatcher :: Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
21:59:28 DEBUG AbstractAuthenticator :: Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].  Returned account [user1]
21:59:28 DEBUG SimpleCookie :: Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 16-Jul-2025 19:59:28 GMT; SameSite=lax]
21:59:28 DEBUG AbstractRememberMeManager :: AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.
http://localhost:64791/$/ping
21:59:28 DEBUG BasicHttpAuthenticationFilter :: Attempting to execute login with auth header
21:59:28 DEBUG AuthenticatingRealm :: Looked up AuthenticationInfo [user1] from doGetAuthenticationInfo
21:59:28 DEBUG AuthenticatingRealm :: AuthenticationInfo caching is disabled for info [user1].  Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].
21:59:28 DEBUG SimpleCredentialsMatcher :: Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
21:59:28 DEBUG SimpleCredentialsMatcher :: Both credentials arguments can be easily converted to byte arrays.  Performing array equals comparison
21:59:28 DEBUG AbstractAuthenticator :: Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - user1, rememberMe=false (127.0.0.1)].  Returned account [user1]
21:59:28 DEBUG SimpleCookie :: Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Wed, 16-Jul-2025 19:59:28 GMT; SameSite=lax]
21:59:28 DEBUG AbstractRememberMeManager :: AuthenticationToken did not indicate RememberMe is requested.  RememberMe functionality will not be executed for corresponding account.

org.apache.jena.atlas.web.HttpException: GET http://localhost:64791/$/ping

	at org.apache.jena.http.HttpLib.executeJDK(HttpLib.java:654)
	at org.apache.jena.http.auth.AuthLib.authExecute(AuthLib.java:54)
	at org.apache.jena.http.HttpLib.execute(HttpLib.java:600)
	at org.apache.jena.http.HttpLib.execute(HttpLib.java:557)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:122)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:116)
	at org.apache.jena.http.HttpOp.httpGetString(HttpOp.java:111)
	at org.apache.jena.fuseki.mod.shiro.TestModShiro.access_userPassword_group(TestModShiro.java:260)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
Caused by: java.io.IOException: WWW-Authenticate header missing for response code 401
	at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:967)
	at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
	at org.apache.jena.http.HttpLib.executeJDK(HttpLib.java:640)
	... 10 more
Caused by: java.io.IOException: WWW-Authenticate header missing for response code 401
	at java.net.http/jdk.internal.net.http.AuthenticationFilter.response(AuthenticationFilter.java:271)
	at java.net.http/jdk.internal.net.http.MultiExchange.responseFilters(MultiExchange.java:254)
	at java.net.http/jdk.internal.net.http.MultiExchange.lambda$responseAsyncImpl$6(MultiExchange.java:419)
	at java.base/java.util.concurrent.CompletableFuture$UniCompose.tryFire(CompletableFuture.java:1150)
	at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
	at java.base/java.util.concurrent.CompletableFuture.postFire(CompletableFuture.java:614)
	at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:653)
	at java.base/java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:482)
	at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:177)
	at java.base/java.util.concurrent.CompletableFuture$UniCompletion.claim(CompletableFuture.java:572)
	at java.base/java.util.concurrent.CompletableFuture$UniApply.tryFire(CompletableFuture.java:642)
	at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
	at java.base/java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2179)
	at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.handle(Http1Response.java:610)
	at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.handle(Http1Response.java:536)
	at java.net.http/jdk.internal.net.http.Http1Response$Receiver.accept(Http1Response.java:527)
	at java.net.http/jdk.internal.net.http.Http1Response$HeadersReader.tryAsyncReceive(Http1Response.java:583)
	at java.net.http/jdk.internal.net.http.Http1AsyncReceiver.flush(Http1AsyncReceiver.java:233)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:182)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149)
	at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:207)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
	at java.base/java.lang.Thread.run(Thread.java:1583)


Process finished with exit code 255
```

[lprimak]

Thank you for your thorough analysis!
You are correct.
If you specify unauthorizedUrl in your shiro.ini it should work around this error.
Let me know if that fixes your immediate issue.