shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <>
Subject Re: Integrating Shiro, Am i writing too much code?
Date Mon, 21 Feb 2011 20:09:57 GMT
On Mon, Feb 21, 2011 at 5:52 AM, Snehesh <> wrote:
> Hi
> Apologies if the following has already been answered, but i tried my best to
> look for it and finally thought of posting the same.
> I have been reading and looking into Shiro for sometime now. The idea was to
> use this for our services layer. This layer is accessed by n number of front
> ends and hence we decided to have security at this layer.
> Also as this is a SAAS based multi tenant application, i am not able to use
> any out of the box Realms, AuthenticationInfo, Token etc. The more i try to
> integrate the more i end up overriding. I am not sure if this is the right
> way to do it as by the end of the integration i would have probably
> overridden a huge amount of code.
> My question here is that do we have a standard guideline as to what all
> should be extended/overridden if one needs a custom realm.
> Also to give an idea on our application:
> - I use Hibernate for database access
> - Authentication is based on username, tenant name/tenant id and password
> It looks like a very slight deviation from the out of the box
> functionalities but its forcing me to write everything again.
> Any suggestions will be appreciated.
> Thanks
> Snehesh
> --
> View this message in context:
> Sent from the Shiro User mailing list archive at

Hi Snehesh,

Besides creating a new AuthenticationToken (probably a subclass of
UsernamePasswordToken that also has the tenant id) and a custom Realm
to understand/process that token, what else are you overriding?

Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:

View raw message