You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Alex Sviridov <oo...@mail.ru> on 2020/05/15 15:10:13 UTC
AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
Hi all,
I am learning Shiro and can’t understand why in
AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
we have `PrincipalCollection pc` but not `Principal p`. By other workds,
why collection?
Could anyone explain?
--
Alex Sviridov
Re[2]: AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
Posted by Alex Sviridov <oo...@mail.ru>.
Thank you very much for your explanation
>Пятница, 15 мая 2020, 18:51 +03:00 от Brian Demers <br...@gmail.com>:
>
>A user (principal) could be part of multiple realms. Maybe your user authenticates from one realm, and is authorized by a different one. For example, your user/passwords are handled by an LDAP server, but your permissions-to-user mappings are application-specific. This would result in a collection of principals.
>
>The Javadoc for PrincipalCollection, as some great info too: https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/subject/PrincipalCollection.java
>
>Many applications just use a single realm and single Principal, in which case you can just call `subject.getPrincipal()` and avoid the `PrincipalCollection` altogether.
>On Fri, May 15, 2020 at 11:10 AM Alex Sviridov < ooo_saturn7@mail.ru > wrote:
>>Hi all,
>>
>>I am learning Shiro and can’t understand why in
>>AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
>>we have `PrincipalCollection pc` but not `Principal p`. By other workds,
>>why collection?
>>
>>Could anyone explain?
>>
>>--
>>Alex Sviridov
--
Alex Sviridov
Re: AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
Posted by Brian Demers <br...@gmail.com>.
A user (principal) could be part of multiple realms. Maybe your user
authenticates from one realm, and is authorized by a different one. For
example, your user/passwords are handled by an LDAP server, but your
permissions-to-user mappings are application-specific. This would result
in a collection of principals.
The Javadoc for PrincipalCollection, as some great info too:
https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/subject/PrincipalCollection.java
Many applications just use a single realm and single Principal, in which
case you can just call `subject.getPrincipal()` and avoid the
`PrincipalCollection` altogether.
On Fri, May 15, 2020 at 11:10 AM Alex Sviridov <oo...@mail.ru> wrote:
> Hi all,
>
> I am learning Shiro and can’t understand why in
> AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
> we have `PrincipalCollection pc` but not `Principal p`. By other workds,
> why collection?
>
> Could anyone explain?
>
> --
> Alex Sviridov
>