Hello everybody,
we have an online shop where I need to replace the Spring Security stuff
with Apache Shiro.
We have certain areas where a registered user needs to be logged in
(checkout, account section, etc.) and an area where everybody is allowed to
access.
So far, everything is working except for one aspect: In Spring security, we
had a special user (anonymous customer) who is logged in automatically upon
visiting any non-restricted area of the shop. This user has various
properties and he can also place items in the shopping cart. After the login
of the registered user (for the checkout), the existing cart is merged with
a cart that may derive from a previous session and which has been saved for
this user in the database.
So my question is: how do I auto-login my anonymous customer so that this
object is available as a principal via SecurityUtils when no registered user
is remembered or logged in without really restricting anonymous access?
With spring security, my xml for the authentication manager looked somewhat
like this (the relevant section is in the security:user-service entity:
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
<security:authentication-provider
ref="customerAuthenticationProvider" />
<security:authentication-provider
ref="rememberMeAuthenticationProvider" />
</security:authentication-manager>
Thanks for your help.
Ralph
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Special-anonymous-user-tp7579492.html
Sent from the Shiro User mailing list archive at Nabble.com.
