shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Elhanan Maayan (JIRA)" <>
Subject [jira] [Created] (SHIRO-311) allow the use of shiro as Autorization only framework
Date Thu, 07 Jul 2011 20:08:17 GMT
allow the use of shiro as Autorization only framework

                 Key: SHIRO-311
             Project: Shiro
          Issue Type: New Feature
          Components: Authentication (log-in), Authorization (access control) , Configuration,
Integration: JEE
    Affects Versions: 1.1.0
         Environment: java 6 , active directory
            Reporter: Elhanan Maayan

currently shiro uses login as the only entry point to the application which uses authentication
and authorization procedures, defined in the chosen subclasses realm.
however in many organization's intranet , a domain authentication is already employed making
the authentication process in shiro redundant.

in order to keep consistency with the framework, a new type of Token should be created called
AuthenticatedToken. the difference is  shiro would be able to create such a token in it's
filter by inspecting getRemoteUer of the HTTP request, which according to the spec is !=null
only when the user is authenticated. 

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message