Hi ralf, I have a basic understanding of shiro but if i were you i would justo use the subject attached to the thread SecurityUtils.getSubject(); as tan annonimous user until the user logs in and then Call Subject.logon(token); Hope It helps, Tomas El 08/01/2014 06:41, "Ralph Scheuer" <[email protected]> escribió:
> Hello everybody, > > we have an online shop where I need to replace the Spring Security stuff > with Apache Shiro. > > We have certain areas where a registered user needs to be logged in > (checkout, account section, etc.) and an area where everybody is allowed to > access. > > So far, everything is working except for one aspect: In Spring security, we > had a special user (anonymous customer) who is logged in automatically upon > visiting any non-restricted area of the shop. This user has various > properties and he can also place items in the shopping cart. After the > login > of the registered user (for the checkout), the existing cart is merged with > a cart that may derive from a previous session and which has been saved for > this user in the database. > > So my question is: how do I auto-login my anonymous customer so that this > object is available as a principal via SecurityUtils when no registered > user > is remembered or logged in without really restricting anonymous access? > > With spring security, my xml for the authentication manager looked somewhat > like this (the relevant section is in the security:user-service entity: > > <security:authentication-manager alias="authenticationManager"> > > <security:authentication-provider> > > <security:user-service> > > <security:user name="user" password="user" > authorities="ROLE_USER" /> > > </security:user-service> > > </security:authentication-provider> > > <security:authentication-provider > > ref="customerAuthenticationProvider" /> > > <security:authentication-provider > > ref="rememberMeAuthenticationProvider" /> > > </security:authentication-manager> > > > > Thanks for your help. > > Ralph > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Special-anonymous-user-tp7579492.html > Sent from the Shiro User mailing list archive at Nabble.com. >
