Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.0.0-RC1
-
None
Description
In light of secman, this realm is for the most part redundant. What it does is to extend Shiro's LDAP realm to also query LDAP for roles (aka groups), and to map these roles to permissions ... in other words, it adds authorisation on top of Shiro's LDAP authentication.
However, it's much more convenient and powerful to use secman for authorisation. We already have support (through secman's own realm with "delegate" realm capability) to configure shiro for ldap authentication, with secman for authorisation.