You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Kalle Korhonen (JIRA)" <ji...@apache.org> on 2012/07/11 22:03:34 UTC
[jira] [Commented] (SHIRO-371) SimpleAccountRealm should implement
RolePermissionResolver
[ https://issues.apache.org/jira/browse/SHIRO-371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13411912#comment-13411912 ]
Kalle Korhonen commented on SHIRO-371:
--------------------------------------
SimpleAccountRealm extends AuthorizingRealm that is RolePermissionResolverAware, no?
> SimpleAccountRealm should implement RolePermissionResolver
> ----------------------------------------------------------
>
> Key: SHIRO-371
> URL: https://issues.apache.org/jira/browse/SHIRO-371
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control) , Configuration, Realms
> Reporter: Jared Bunting
> Assignee: Jared Bunting
> Priority: Minor
>
> It seems to be a valid use case to have an external user management system (ldap, active directory, etc) manage users and the roles that they are in. However, since permissions are often application-dependent, it is not uncommon to map roles to permissions at the application level. The shiro.ini file seems a perfect place to do this, but it is non-trivial to allow a different realm (again, ldap or active directory) to use the role->permission mappings place in the ini file. If the SimpleAccountRealm implemented RolePermissionResolver, then it could be done as simply as:
> myRealm = com.example.MyCustomRealm
> myRealm.rolePermissionResolver = $iniRealm
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira