Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-371

SimpleAccountRealm should implement RolePermissionResolver

    Details

      Description

      It seems to be a valid use case to have an external user management system (ldap, active directory, etc) manage users and the roles that they are in. However, since permissions are often application-dependent, it is not uncommon to map roles to permissions at the application level. The shiro.ini file seems a perfect place to do this, but it is non-trivial to allow a different realm (again, ldap or active directory) to use the role->permission mappings place in the ini file. If the SimpleAccountRealm implemented RolePermissionResolver, then it could be done as simply as:

      myRealm = com.example.MyCustomRealm
      myRealm.rolePermissionResolver = $iniRealm

        Attachments

          Activity

            People

            • Assignee:
              deraj123 Jared Bunting
              Reporter:
              deraj123 Jared Bunting
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: