Posted to dev@shiro.apache.org by Les Hazlewood <lh...@apache.org> on 2011/02/17 23:37:46 UTC

Proposed Subject / PrincipalCollection API improvements - feedback appreciated

Hi all,

I wanted to run an idea by the community and see what you think.

Currently, when you call Subject.getPrincipals(), it returns a
PrincipalCollection.  While the PrincipalCollection necessarily
retains which principals are from each realm, I think it is less than
ideal in that you can't easily reference the principals by name - only
by type, which can be a bit clunky.

For example, I think of Principals as identity attributes of a
Subject.  It is a natural extension to then want to be able to call
things like:

Subject.getUsername()
Subject.getUserId()
etc.

Naturally, we can't have methods like this because they're very
dependent upon a specific application (some apps don't use usernames
at all and use X509.  Maybe they don't have a userId and call it an
'accountId').  And of course we wouldn't want to force those methods
on Subject implementations.

But we could do this in a generic way if the Subject principals were a
map, where the map key was the principal name, and the map value was
the principal itself.  For example:

subject.getPrincipals() returns a PrincipalMap.  A PrincipalMap is a
Map<String,Object> that has some additional methods that allow you to
get Realm-specific principals too if you wanted.

So you could do things like this:

subject.getPrincipal("username") returns a username;
subject.getPrincipal("userId") returns a username.

Then we could do really cool things in the JSP tags, e.g.:

<shiro:principal name="username"/>

and in Groovy:

subject.principals.username
subject.principals.userId

etc.

Unfortunately I don't know if this change can be backwards compatible
because of the Subject and Realm changes it might require.  Maybe it
could - I need to research.  Having 20/20 hindsight, I almost think
"duh, I can't believe we didn't do it like this to begin with".  What
do you think?

Thoughts?  Comments?

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com
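
A sketch of the name-keyed, realm-aware principal map proposed in the message above, added here as an illustration; it is not code from the post or from Apache Shiro. The class name RealmAwarePrincipalMap, its method names, the "first realm wins" rule for name collisions, and the sample realm names and values are all assumptions.

```java
import java.util.AbstractMap;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical sketch, not Shiro's API: principals are looked up by name
// while the map still records which realm supplied each one.
public class RealmAwarePrincipalMap extends AbstractMap<String, Object> {

    // realm name -> (principal name -> principal); insertion order is kept
    // so that name-only lookups resolve collisions deterministically.
    private final Map<String, Map<String, Object>> byRealm = new LinkedHashMap<>();

    public void setPrincipal(String realm, String name, Object principal) {
        byRealm.computeIfAbsent(realm, r -> new LinkedHashMap<>()).put(name, principal);
    }

    // Realm-specific lookup: only the named realm's principals are consulted.
    public Object getPrincipal(String realm, String name) {
        Map<String, Object> principals = byRealm.get(realm);
        return principals == null ? null : principals.get(name);
    }

    // Name-only lookup. Assumed policy: the first realm that supplied the
    // name wins, so a later realm cannot silently replace an identity value.
    public Object getPrincipal(String name) {
        return get(name);
    }

    // Read-only merged view. Being a Map<String,Object> is what makes
    // Groovy's subject.principals.username style of access possible.
    @Override
    public Set<Map.Entry<String, Object>> entrySet() {
        Map<String, Object> merged = new LinkedHashMap<>();
        for (Map<String, Object> principals : byRealm.values()) {
            principals.forEach(merged::putIfAbsent);
        }
        return Collections.unmodifiableMap(merged).entrySet();
    }

    public static void main(String[] args) {
        // Constructed sample data: two realms that both supply "username".
        RealmAwarePrincipalMap p = new RealmAwarePrincipalMap();
        p.setPrincipal("ldapRealm", "username", "jsmith");
        p.setPrincipal("jdbcRealm", "userId", 42L);
        p.setPrincipal("jdbcRealm", "username", "john.smith");
        System.out.println(p.getPrincipal("username"));              // resolved across realms
        System.out.println(p.getPrincipal("jdbcRealm", "username")); // one realm only
        System.out.println(p.get("userId"));                         // plain Map access
    }
}
```

Whatever collision policy is chosen needs to be explicit, because authorization code that keys decisions on a name-only lookup inherits it.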