Make Apache Shiro work properly with CORS requests.

Today I bumped into one problem that resources protected by shiro won’t be accessable for CORS requests, even with correct authentication headers.

For CORS requests, the OPTIONS pre-flight request will be regarded as unauthenticated by Apache Shiro since the browser won’t add custom headers to the OPTIONS request. In my case, the OPTIONS request returned 302, attempting to redirect to the login page.

To solve this problem. I overrode the AuthenticatingFilter‘s isAccessAllowed method to make it always return true when the request’s method is OPTIONS.


OC Code Snippet #1- Create GIF Image From Movie Asset


  1. UIImage+animatedGIF (UIImage category for GIF Displaying)
  2. Movie assets to convert


Basic thinking for create GIF Image from movie assets is to create thumbnails of the movie at specified time spots and put then together at the end.

Key Selector:

This selector in AVAssetImageGenerator can “take screenshot” at requested time of associated movie and out put it as a CGImage.