You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Hendy Irawan <he...@soluvas.com> on 2011/04/06 22:48:26 UTC

RE: Avoiding authorization when using authcBasic filter

I also want to do similar to this, but actually much simpler (no permissions
check, just "optional" authentication).

I still don't know how to make shiro use HTTP Basic Auth (authcBasic) while
at the same time allowing anonymous!

If I use anon, getSubject().getPrincipal() will return null.

If I use authcBasic, getSubject().getPrincipal() will return username if
credentials is valid, or else the request will be rejected.

What I want is, return username if credentials is valid, return null if
credentials is not valid.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Avoiding-authorization-when-using-authcBasic-filter-tp5948538p6247561.html
Sent from the Shiro User mailing list archive at Nabble.com.