You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/07/06 19:23:10 UTC

[jira] [Updated] (SHIRO-465) Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator

     [ https://issues.apache.org/jira/browse/SHIRO-465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers updated SHIRO-465:
-------------------------------
    Fix Version/s:     (was: 1.3.0)
                   2.0.0

Something similar can be accomplished by adding an an additional Realm that handles Authorization, 

See also: http://shiro.apache.org/authorization.html#Authorization-Configuringaglobal%7B%7BRolePermissionResolver%7D%7D
(not exactly the same, but this will allow for mapping roles from a realm to application specific permissions)

That said, for 2.0, work in this area is planned: https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming#Version2Brainstorming-Realmrefactoring

*NOTE:* Adding 2.0.0 as the fix version so we can link this issue


> Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator
> -------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-465
>                 URL: https://issues.apache.org/jira/browse/SHIRO-465
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.2
>            Reporter: Kevin Minder
>              Labels: patch, patch-with-test
>             Fix For: 2.0.0
>
>         Attachments: SHIRO-465__Support_externalized_principal_mapping_in_AuthenticatingRealm_and_ModularRealmA.patch
>
>
> The basic idea is to provide a plug-in point that can be used to resolve principals to things like groups or effective principals. The primary use case that is driving this for me is to be able to resolve authenticated principals to a set of groups where that user to group mapping is external to the user repository.  In addition other mappings can be done like mapping a real user principal to an effective user principal.  This would be useful when a translation is required from an external identity store (e.g. LDAP) to some application specific identities.  The existing pattern for things like RolePermissionResolver should be followed for consistency.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)