Apache Shiro before 170, when using Apache Shiro with Spring, a specially
crafted HTTP request may cause an authentication bypass
If you are NOT using Shiro’s Spring Boot Starter
(`shiro-spring-boot-web-starter`), you must configure add the
ShiroRequestMappingConfig auto configuration[1] to your application or
configure the equivalent manuall ...