You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by kaandok <ka...@gmail.com> on 2014/03/13 13:08:31 UTC
Re: Multiple security managers and realms to handle authentication
for different sets of urls
I too am struggling with this. Is there anyway to accomplish this in Shiro in
the latest version?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579749.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by Brian Demers <br...@gmail.com>.
You might be able to handle the login page navigation in a custom filter
(see the authc filter)
https://shiro.apache.org/web.html#Web-DefaultFilters
Then use use the perms filter and use different permissions for foo and bar
This way, I don't think you would need to worry about having multiple
security managers or setting different cookies
On Mon, Mar 17, 2014 at 3:36 AM, Dominic Farr <do...@gmail.com> wrote:
> Can you have...
> Two shiro apps. Split by apache vhost and proxy pass. With each app
> setting a cookies that has a path?
> On 17 Mar 2014 01:31, "kaandok" <ka...@gmail.com> wrote:
>
>> Any ideas on how to achieve this with Shiro?
>>
>> Or is this not possible at all?
>>
>>
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579761.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
>>
>
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by Dominic Farr <do...@gmail.com>.
Can you have...
Two shiro apps. Split by apache vhost and proxy pass. With each app setting
a cookies that has a path?
On 17 Mar 2014 01:31, "kaandok" <ka...@gmail.com> wrote:
> Any ideas on how to achieve this with Shiro?
>
> Or is this not possible at all?
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579761.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by kaandok <ka...@gmail.com>.
Any ideas on how to achieve this with Shiro?
Or is this not possible at all?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579761.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by liuzdcq <li...@gmail.com>.
The simple answer is yes.
You can achieve this by roles filter, each realm grants a specific role to
the login user. Here's some key code snippet:
filter config:
filterChainDefinitionMap.put("/businessmen/login", "buauthc");
filterChainDefinitionMap.put("/businessmen/**",
"buauthc,roles[businessmen]");
filterChainDefinitionMap.put("/login", "suauthc");
filterChainDefinitionMap.put("/**", "suauthc,roles[admin]");
realm:
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection
principals) {
Collection realmPrincipals = principals.fromRealm(getName());
if(realmPrincipals.isEmpty()) {
return null;
}
SimpleAuthorizationInfo authorizationInfo = new
SimpleAuthorizationInfo();
authorizationInfo.addRole("foo");
return authorizationInfo;
}
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7581727.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by kaandok <ka...@gmail.com>.
There are two paths in the same application that need to have seperate user
bases.
/foo/** -> only FooUsers should access
/bar/** -> only BarUsers should access.
FooUsers and BarUsers are seperate and an authenticated FooUser should only
be able to access /bar/** iff she can also get authenticated as a BarUser
too. (and vice versa)
So basically,
1) user tries to access a page matching /foo/**
2) user is redirected to foo login page
3) user authenticates and continues to the page
4) user tries to access a page matching /bar/**
5) user is redirected to bar login page
6) user authenticates and continues to the page.
Currently since there is only a single cookie definition for the security
manager,
even though I can achieve user base seperation with different realms after a
FooUser is authenticated
she can directly access pages matching /bar/**.
I would be glad if you could advise on a solution.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579751.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Multiple security managers and realms to handle authentication
for different sets of urls
Posted by Jared Bunting <ja...@peachjean.com>.
Could you explain the issue that you are having more specifically. It is
certainly possible to accomplish what Rama was attempting,
On Thu, Mar 13, 2014 at 7:08 AM, kaandok <ka...@gmail.com> wrote:
> I too am struggling with this. Is there anyway to accomplish this in Shiro
> in
> the latest version?
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Multiple-security-managers-and-realms-to-handle-authentication-for-different-sets-of-urls-tp7445068p7579749.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>