shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: IP based authorization
Date Fri, 16 Oct 2009 19:23:46 GMT
If a user is anonymous, they by definition don't have any assigned
roles or permissions - is is the responsibility of the application
programmer to decide what happens for an anonymous user.

You can show them a specific view, or enable or disable buttons or do
anything else accordingly.

For example:

if ( subject.getPrincipal() == null ) {
    //show login link/button
} else {
   //show logout button



On Fri, Oct 16, 2009 at 3:09 PM, Achint Srivastava <> wrote:
> Also what is the best way to support to support anonymous users? Today if a user is anonymous
subject.getPrincipal() is NULL so isPermitted() returns false without checking permissions.

View raw message