In case someone knows these answers off the top of their head before I research them by implementing proof-of-concept tests:
1. Is the Authentication conditionally available in the SecureContext based upon whether the user has been routed to an entry point? Trying to understand the conditions that are present when a user hits a non-secured page. If the Authentication is not present, I will not know their granted authorities. I need to understand this so that I can determine how to treat Guests to my website.
2. Unless I missed it, there's not much information about the concept of Custom Contexts. I saw the brief note in the documentation, but that's about it. In specific, I'm trying to decide whether I should implement a custom context to contain a mini shopping cart. My site really only needs Authentication, the Cart, and some User Details. Would it be reasonable to implement a custome context and add to it a get/set for the Cart?
Thanks in advance for anyone's opinion / help.