You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Kevin Ott <ke...@compositesw.com> on 2009/06/13 01:42:20 UTC

list of users/groups from Realm

An application that I'm developing requires administrators to be able to
configure access control at run time from a UI.  I need to present them
with a list of available users and groups so that they can assign roles
and privileges to the users and groups.  Please correct me if I'm wrong,
but I don't believe that shiro allows you to query existing users and
groups from a Realm.  Any plans to add such a feature?

 

Thanks,
Kevin

Re: list of users/groups from Realm

Posted by Les Hazlewood <lh...@apache.org>.

Hi Kevin,

Shiro does not have support for this out of the box because it must make
assumptions about your data model.  There are so many different data models
across applications, it would be fairly difficult to provide interface
support for this in Shiro out of the box.  That being said, there has been
some discussion to come up with some extensions to Shiro to allow for the
most common conventions.  But this will take a while to discuss and design
and may not make it in to 1.0.

So, since Shiro is mostly read-only to account for any data model, the way
most people solve this problem is to have your Realm implementation point to
a component that provides CRUD operations that is shared by other components
in your architecture.

For example, if I had a UserManager which in turned talked to a UserDAO for
CRUD operations, and I would have my Realm implementation use that same
UserDAO for Shiro's lookup needs.

Then your UserManager would perform the create/update operations as
necessary, and the Realm would do the read operations for security checks.
So, it is usually not necessary for Shiro to provide Create/Update
operations when 90% of most applications already provide that in some other
way (UserManager/RoleManager, etc).

HTH,

Les

On Fri, Jun 12, 2009 at 7:42 PM, Kevin Ott <ke...@compositesw.com> wrote:

>  An application that I’m developing requires administrators to be able to
> configure access control at run time from a UI.  I need to present them with
> a list of available users and groups so that they can assign roles and
> privileges to the users and groups.  Please correct me if I’m wrong, but I
> don’t believe that shiro allows you to query existing users and groups from
> a Realm.  Any plans to add such a feature?
>
>
>
> Thanks,
> Kevin
>
>
>