Posted to user@shiro.apache.org by Hendy Irawan <he...@soluvas.com> on 2012/10/31 11:33:32 UTC

How to check for remember in a Realm ?

Hi all,

The methods to override in Realm, e.g. doGetAuthorizationInfo(), do not
provide access to whether the current subject is simply remembered or
authenticated.

I'd like to give some roles and permissions dynamically, depending on whether
the subject is remembered or authenticated.
How?

Hendy



--
View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-check-for-remember-in-a-Realm-tp7577897.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: How to check for remember in a Realm ?

Posted by Hendy Irawan <he...@soluvas.com>.
Thank you Les!

I've added a JIRA here : https://issues.apache.org/jira/browse/SHIRO-393

Hendy

On Wed, Oct 31, 2012 at 11:38 PM, Les Hazlewood-2 [via Shiro User] <
ml-node+s582556n7577898h16@n2.nabble.com> wrote:

> The notion of 'AuthorizationInfo' and 'AuthenticationInfo' are
> decoupled concepts from the Subject concept - they are a little lower
> level than the Subject API.  Because rememberMe is currently designed
> to support Subject identity (and not authz/authc), Shiro doesn't have
> a built-in way to do this.  If you would like it as a feature, please
> open a feature request in Jira.
>
> That being said, if the Subject is accessible via
> SecurityUtils.getSubject() at the time your Realm's
> getAuthorizationInfo method is called (in a web app, this should be
> the case), you could just get the subject and check isAuthenticated()
> vs isRemembered() directly.  This is a bit unorthodox since Realms
> should ideally not 'know' about the Subject concept, but if it works,
> then that should get you what you need.
>
> HTH,
>
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>
> On Wed, Oct 31, 2012 at 3:33 AM, Hendy Irawan <[hidden email]> wrote:
>
> > Hi all,
> >
> > The methods to override in Realm, e.g. doGetAuthorizationInfo(), do not
> > provide access to whether the current subject is simply remembered or
> > authenticated.
> >
> > I'd like to give some roles and permissions dynamically, depending on
> > whether the subject is remembered or authenticated.
> > How?
> >
> > Hendy
> >
> >
> >
> > --
> > View this message in context:
> http://shiro-user.582556.n2.nabble.com/How-to-check-for-remember-in-a-Realm-tp7577897.html
> > Sent from the Shiro User mailing list archive at Nabble.com.
>
>



-- 
Hendy Irawan - on Twitter <http://twitter.com/hendybippo> - on
LinkedIn<http://id.linkedin.com/in/hendyirawan>
Web Developer | Bippo Indonesia <http://www.bippo.co.id/> | Akselerator
Bisnis | Bandung




Re: How to check for remember in a Realm ?

Posted by Les Hazlewood <lh...@apache.org>.
The notion of 'AuthorizationInfo' and 'AuthenticationInfo' are
decoupled concepts from the Subject concept - they are a little lower
level than the Subject API.  Because rememberMe is currently designed
to support Subject identity (and not authz/authc), Shiro doesn't have
a built-in way to do this.  If you would like it as a feature, please
open a feature request in Jira.

That being said, if the Subject is accessible via
SecurityUtils.getSubject() at the time your Realm's
getAuthorizationInfo method is called (in a web app, this should be
the case), you could just get the subject and check isAuthenticated()
vs isRemembered() directly.  This is a bit unorthodox since Realms
should ideally not 'know' about the Subject concept, but if it works,
then that should get you what you need.

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk

On Wed, Oct 31, 2012 at 3:33 AM, Hendy Irawan <he...@soluvas.com> wrote:
> Hi all,
>
> The methods to override in Realm, e.g. doGetAuthorizationInfo(), do not
> provide access to whether the current subject is simply remembered or
> authenticated.
>
> I'd like to give some roles and permissions dynamically, depending on whether
> the subject is remembered or authenticated.
> How?
>
> Hendy
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-check-for-remember-in-a-Realm-tp7577897.html
> Sent from the Shiro User mailing list archive at Nabble.com.
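
A sketch of the workaround described in the reply above, added here as an example and not code from the thread or from the Shiro project. The class name, role name and permission strings are hypothetical; it assumes the Subject is bound to the calling thread (as in a web app) and leaves doGetAuthenticationInfo() to the concrete realm.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

// Hypothetical realm; abstract because authentication is out of scope here.
public abstract class RememberAwareRealm extends AuthorizingRealm {

    protected RememberAwareRealm() {
        // The authorization cache is keyed by principals only, so a cached
        // entry built for an authenticated session would also be served to
        // a remembered session of the same user. Turn the cache off.
        setAuthorizationCachingEnabled(false);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Start from an empty grant so every early return is least privilege.
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        Subject subject;
        try {
            subject = SecurityUtils.getSubject();
        } catch (UnavailableSecurityManagerException e) {
            return info; // no SecurityManager reachable: grant nothing
        }

        // Use the thread-bound Subject's state only when it is the identity
        // being authorized; a check made for other principals gets nothing.
        if (!principals.equals(subject.getPrincipals())) {
            return info;
        }

        if (subject.isAuthenticated()) {
            // Credentials were presented in this session (hypothetical grants).
            info.addRole("member");
            info.addStringPermission("profile:read");
            info.addStringPermission("account:edit");
        } else if (subject.isRemembered()) {
            // Identity comes from rememberMe only: read-only (hypothetical grant).
            info.addStringPermission("profile:read");
        }
        return info;
    }
}
```

Because the grant depends on session state, any other cache placed in front of the realm has the same mixing problem and needs a key that includes that state.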