You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Filipe Sousa <na...@gmail.com> on 2011/01/18 15:12:38 UTC

Different realms for different URLs

Is it possible to use different realms for different URLs.

Here's what I need:

[urls]
/myapp/** authc <-- jdbc realm
/portal/**  authc <-- ldap realm

Thanks
-- 
Filipe Sousa

Re: Different realms for different URLs

Posted by Les Hazlewood <lh...@apache.org>.

Hi Filipe,

One idea is to create a custom AuthenticationToken class (maybe a
subclass of UsernamePasswordToken?) that additionally contains a
discriminator field of some sort.  In your Realm's 'supports' method
implementation, you can check the discriminator property of the custom
AuthenticationToken and only return true if that Realm should process
that token.  You would probably also need to create a new
AuthenticationFilter implementation (and call it 'authc', overriding
the old one) that knows how to construct your custom token and set the
discriminator based on the URL.

Another approach is to create a custom Authenticator that knows how to
dispatch the token to the respective realms (e.g. in shiro.ini:
securityManager.authenticator = $myCustomAuthenticator).

HTH,

Les

On Tue, Jan 18, 2011 at 6:12 AM, Filipe Sousa <na...@gmail.com> wrote:
> Is it possible to use different realms for different URLs.
>
> Here's what I need:
>
> [urls]
> /myapp/** authc <-- jdbc realm
> /portal/**  authc <-- ldap realm
>
> Thanks
> --
> Filipe Sousa