In my web application, I do not have user registrations/login. What I have is the user account is automatically created when the user visits the site first time based on the cookie. How can I use Shiro for this purpose to authenticate such a user ( and also take advantage of its other web security features)?
If the user chooses to login via Facebook connect, then how can I use Shiro for this scenario?
Ok, after JohnS told me that the linked blog post doesn't work and some time passed by, I reworked my answer.
In my understanding, Apache Shiro doesn't support (at the time of this writing) OAuth, see SHIRO-21 and SHIRO-119 and also the comments on them.
There are two libraries which simplifie OAuth, Scribe and pac4j.
Please make sure to read Facebook OAuth 2.0 and Server-Side Authentication). If you want to enable your site to use OAuth 2.0 then you have to follow the guide on the links.
There is also the mentioned blog post and alternatively you can use Spring security and Spring social, see Signing in with Service Provider Accounts.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With