shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-492) Subject.getRoles() functionality
Date Fri, 26 Sep 2014 18:02:34 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149728#comment-14149728
] 

Les Hazlewood commented on SHIRO-492:
-------------------------------------

This may not be possible: some Realm implementations may not be able to expose all Roles associated
with an account identity.  This is why the check is on the Realm interface - to allow the
Realm to determine if it can represent them in memory or if it needs to query an external
system.

Shiro already 'merges' roles from multiple backends computationally (a Realm role check is
executed in iteration order, and any realm can say 'yes' to the Realm check).

Out of curiosity, why is the current feature set (subject.hasRole(roleName)) not sufficient?
 I'm just trying to understand the use case.


> Subject.getRoles() functionality
> --------------------------------
>
>                 Key: SHIRO-492
>                 URL: https://issues.apache.org/jira/browse/SHIRO-492
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>            Reporter: John Vines
>
> Currently shiro provides the ability to respond whether or not a user has a list of Authorizations.
However, while the realms have methods for getting all authorizations (protected), these are
not exposed in normal use to allow asking for all Roles. This should be exposed by adding
a call to Subject to getRoles, to complement it's existing hasRoles calls. This may require
making some of the calls around authorizations, like getAuthorizationInfo in AuthorizingRealm,
public. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message