Principal And Device Attributes

[gcollins <ga...@gmail.com>]

Hi,

I had a question about Shiro principals.

Should device attributes (e.g. user agent) be considered as part of the
security principal...or would they be something else?

Just to provide some context to my question the device attributes generally
determine what operations can be run on the client, not because the client
is "not allowed" to run these operations, but because the client may/may not
be able to run specific applications/operations.

If device attributes are part of a security principal, would they be
considered part of the same principal as the user...or would the user and
device be separate principals in a principal collection (I assume user would
be the primary principal?)?

thanks in advance,
Gareth






--
View this message in context: http://shiro-user.582556.n2.nabble.com/Principal-And-Device-Attributes-tp7578222.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Principal And Device Attributes

[jleleu <le...@gmail.com>]

Hi,

I tend to say no. I would consider device attributes as session browsing
attributes (stored in session), nor as user attributes. You can have the
same user coming from a browser on his desktop or on his mobile phone : same
user, but different device attributes.
And that's the way I do when having different behaviours/renderings between
devices for the same web site.
Best regards,
Jérôme




--
View this message in context: http://shiro-user.582556.n2.nabble.com/Principal-And-Device-Attributes-tp7578222p7578223.html
Sent from the Shiro User mailing list archive at Nabble.com.