shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Multiple Realms
Date Thu, 21 Jan 2010 20:44:45 GMT
No problem.  Just to be clear though, two configured realms would have
worked just as well.  Your 2nd Realm would subclass AuthorizingRealm
and it would always return false for the supports(AuthenticationToken)
implementation since you never want it to participate in
authentication.

Then you would implement the doGetAuthorizationInfo method to pull in
roles for that user however you want.

The benefit of this approach rather than having 1 realm do both is
that it is a little less coupled - you could swap out either realm
implementation for another without impacting the other.
Authentication and Authorization are orthogonal processes and almost
never require dependencies between the two.

Regards,

Les

On Thu, Jan 21, 2010 at 3:09 PM, rchristy <rchristy@skyroadasp.com> wrote:
>
> Sorry Les, I am post behind you.  So this sounds like I am on the right
> track, thanks for the help.
>
> Rich
> --
> View this message in context: http://n2.nabble.com/Multiple-Realms-tp4434653p4436055.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Mime
View raw message