Posted to user@shiro.apache.org by Dan Haywood <da...@haywood-associates.co.uk> on 2014/03/17 13:09:09 UTC

How find which realms authenticated a token/subject

Hi folks,

We have an integration between Apache Isis [1] and Shiro.  One of the
things we try to do is to obtain the roles of the subject so we can expose
this to the application [2]

However, it's clear when I wrote this that I misunderstood the way that
Shiro works.  As I understand it, Shiro will - depending on the configured
AuthenticationStrategy - authenticate based on possibly just one of the
realms defining that user.

When I loop around to obtain the roles for the user, I really only want to
ask the realm that authenticated that user, not any of the others.  As you
can see in [2], I'm currently asking all the realms for the roles for the
user; and this then blows up.

So the question is: is there a way to determine which realm(s) a subject
has been authenticated by?

Hope the question makes sense...

Thx
Dan


[1] http://isis.apache.org/documentation.html#security
[2]
https://github.com/apache/isis/blob/5a7379335f59e408b5a28ceb488e2d3ef6e65a03/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java#L180

Re: How find which realms authenticated a token/subject

Posted by Dan Haywood <da...@haywood-associates.co.uk>.
OK, thanks, will do.

Dan


On 17 March 2014 13:21, Brian Demers <br...@gmail.com> wrote:

> Take a look at the PrincipalCollection
>
> http://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/subject/PrincipalCollection.html
>
> from subject.getPrincipals()

Re: How find which realms authenticated a token/subject

Posted by Brian Demers <br...@gmail.com>.
Take a look at the PrincipalCollection
http://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/subject/PrincipalCollection.html

from subject.getPrincipals()


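The suggestion in the reply above, as an added example (not code from this thread, from Isis or from Shiro): PrincipalCollection.getRealmNames() lists the realms that contributed principals at login, so role checks can be limited to those realms and a same-named account in another realm is never consulted. The class name, the authenticatingRealms helper, the realm names and the accounts are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Set;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class AuthenticatingRealmsDemo {
    // Hypothetical helper: keep only the realms that contributed principals at login.
    static List<Realm> authenticatingRealms(Subject subject, Collection<Realm> configured) {
        PrincipalCollection principals = subject.getPrincipals();
        List<Realm> result = new ArrayList<>();
        if (principals == null) {
            return result; // no identity established: ask no realm at all
        }
        Set<String> names = principals.getRealmNames();
        for (Realm realm : configured) {
            if (names.contains(realm.getName())) {
                result.add(realm);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data: the same username is defined in both realms.
        SimpleAccountRealm realmA = new SimpleAccountRealm("realmA");
        realmA.addAccount("dan", "pw-a", "admin");
        SimpleAccountRealm realmB = new SimpleAccountRealm("realmB");
        realmB.addAccount("dan", "pw-b", "guest");
        DefaultSecurityManager sm = new DefaultSecurityManager(Arrays.<Realm>asList(realmA, realmB));
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken("dan", "pw-a")); // only realmA accepts this password
        // Only realmA is asked about roles; realmB's "dan" is never consulted.
        for (Realm realm : authenticatingRealms(subject, sm.getRealms())) {
            if (realm instanceof Authorizer) {
                boolean admin = ((Authorizer) realm).hasRole(subject.getPrincipals(), "admin");
                System.out.println(realm.getName() + " admin=" + admin);
            }
        }
    }
}
```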