Posted to dev@shiro.apache.org by "Terefang Verigorn (JIRA)" <ji...@apache.org> on 2014/09/23 21:47:34 UTC

[jira] [Commented] (SHIRO-492) Subject.getRoles() functionality

    [ https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145318#comment-14145318 ] 

Terefang Verigorn commented on SHIRO-492:
-----------------------------------------

I also have a case for this, if AuthorizingRealm#getAuthorizationInfo() were public.

The case looks like the following:

* authenticate against active directory server
* lookup roles from ads and map them to application roles in jdbc
* use user and ads/app-roles to do fine-grained permission checking via http/soap/xacml to remote identity server (wso2-is)

My workaround is to use commons-lang/methodutils to call the method, which only works because the Tomcat security manager is currently disabled.

I would also like to merge roles from multiple backends.


 

> Subject.getRoles() functionality
> --------------------------------
>
>                 Key: SHIRO-492
>                 URL: https://issues.apache.org/jira/browse/SHIRO-492
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authorization (access control) 
>            Reporter: John Vines
>
> Currently Shiro provides the ability to respond whether or not a user has a list of Authorizations. However, while the realms have methods for getting all authorizations (protected), these are not exposed in normal use to allow asking for all Roles. This should be exposed by adding a call to Subject to getRoles, to complement its existing hasRoles calls. This may require making some of the calls around authorizations, like getAuthorizationInfo in AuthorizingRealm, public.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
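
Added example, not code from this thread or from the Shiro project: one way to list and merge roles without reflection, so it does not depend on the Tomcat security manager being disabled. A realm subclass can call the protected getAuthorizationInfo() directly. SubjectRoles, RoleSource, RoleListingJdbcRealm and rolesFor are hypothetical names, and the SecurityManager is assumed to be a RealmSecurityManager, as in the default setup.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper (not part of Shiro): merges roles from every realm that opts in. */
public final class SubjectRoles {

    /** Hypothetical opt-in interface for realms that are willing to list their roles. */
    public interface RoleSource {
        Set<String> rolesFor(PrincipalCollection principals);
    }

    /** JdbcRealm subclass: the protected method is reachable here without setAccessible(). */
    public static class RoleListingJdbcRealm extends JdbcRealm implements RoleSource {
        @Override
        public Set<String> rolesFor(PrincipalCollection principals) {
            // Protected in AuthorizingRealm; returns null when nothing is known for the principals.
            AuthorizationInfo info = getAuthorizationInfo(principals);
            Collection<String> roles = (info == null) ? null : info.getRoles();
            return (roles == null) ? Collections.<String>emptySet() : new LinkedHashSet<String>(roles);
        }
    }

    /** Union of the roles reported by all configured realms that implement RoleSource. */
    public static Set<String> getRoles(Subject subject) {
        Set<String> merged = new LinkedHashSet<String>();
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null) {
            return merged; // unauthenticated subject: no roles
        }
        // Assumption: the application's SecurityManager is a RealmSecurityManager.
        RealmSecurityManager sm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
        Collection<Realm> realms = sm.getRealms();
        if (realms != null) {
            for (Realm realm : realms) {
                if (realm instanceof RoleSource) {
                    merged.addAll(((RoleSource) realm).rolesFor(principals));
                }
            }
        }
        return merged;
    }

    private SubjectRoles() { }
}
```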