You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Alex Sviridov <oo...@mail.ru> on 2020/05/15 15:10:13 UTC

AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)

Hi all,
 
I am learning Shiro and can’t understand why in
AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
we have `PrincipalCollection pc` but not `Principal p`. By other workds,
why collection?
 
Could anyone explain?
 
--
Alex Sviridov

Re[2]: AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)

Posted by Alex Sviridov <oo...@mail.ru>.

Thank you very much for your explanation

  
>Пятница, 15 мая 2020, 18:51 +03:00 от Brian Demers <br...@gmail.com>:
> 
>A user (principal) could be part of multiple realms.  Maybe your user authenticates from one realm, and is authorized by a different one. For example, your user/passwords are handled by an LDAP server, but your permissions-to-user mappings are application-specific.  This would result in a collection of principals.
> 
>The Javadoc for PrincipalCollection, as some great info too:  https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/subject/PrincipalCollection.java
> 
>Many applications just use a single realm and single Principal, in which case you can just call `subject.getPrincipal()` and avoid the `PrincipalCollection` altogether.  
>On Fri, May 15, 2020 at 11:10 AM Alex Sviridov < ooo_saturn7@mail.ru > wrote:
>>Hi all,
>> 
>>I am learning Shiro and can’t understand why in
>>AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
>>we have `PrincipalCollection pc` but not `Principal p`. By other workds,
>>why collection?
>> 
>>Could anyone explain?
>> 
>>--
>>Alex Sviridov 
 
 
--
Alex Sviridov

Re: AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)

Posted by Brian Demers <br...@gmail.com>.

A user (principal) could be part of multiple realms.  Maybe your user
authenticates from one realm, and is authorized by a different one. For
example, your user/passwords are handled by an LDAP server, but your
permissions-to-user mappings are application-specific.  This would result
in a collection of principals.

The Javadoc for PrincipalCollection, as some great info too:
https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/subject/PrincipalCollection.java

Many applications just use a single realm and single Principal, in which
case you can just call `subject.getPrincipal()` and avoid the
`PrincipalCollection` altogether.

On Fri, May 15, 2020 at 11:10 AM Alex Sviridov <oo...@mail.ru> wrote:

> Hi all,
>
> I am learning Shiro and can’t understand why in
> AuthorizingRealm#doGetAuthorizationInfo(PrincipalCollection pc)
> we have `PrincipalCollection pc` but not `Principal p`. By other workds,
> why collection?
>
> Could anyone explain?
>
> --
> Alex Sviridov
>