I also want to do similar to this, but actually much simpler (no permissions check, just "optional" authentication).
I still don't know how to make shiro use HTTP Basic Auth (authcBasic) while at the same time allowing anonymous! If I use anon, getSubject().getPrincipal() will return null. If I use authcBasic, getSubject().getPrincipal() will return username if credentials is valid, or else the request will be rejected. What I want is, return username if credentials is valid, return null if credentials is not valid. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Avoiding-authorization-when-using-authcBasic-filter-tp5948538p6247561.html Sent from the Shiro User mailing list archive at Nabble.com.
