shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rchristy <>
Subject Re: Multiple Realms
Date Thu, 21 Jan 2010 20:00:39 GMT

I am basically working on an enterprise Authentication module that will run
on its own and I am trying to use shiro for that (so far very successfully). 
Right now I want to authenticate against Active Directory but house
permissions based on roles as well as users in another data source (most
likely a database).   For cases that just map roles--to-permissions, that
would be at start up since my roles are somewhat fixed.  However the only
way I was able to figure out how to do specific user based permissions was
to also read it in at start up and have these cached ahead of the user
logging in.  For these cases, the data source would contain the userid so I
could make associations, but not any password information.  So my plan was
to have my ActiveDirectoryRealm implementation use Active Directory to get
populate the getRoles() but use this second data source to determine the
permissions based on the roles/userid for the user as they login.

However I am open to other suggestions on how to implement this.  


View this message in context:
Sent from the Shiro User mailing list archive at

View raw message