You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/03/20 12:50:43 UTC
[jira] [Commented] (ISIS-746) When multiple realms configured for
Shiro, should be more intelligent about obtaining roles from those realms
[ https://issues.apache.org/jira/browse/ISIS-746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941645#comment-13941645 ]
ASF subversion and git services commented on ISIS-746:
------------------------------------------------------
Commit aaec51e517ef00d702639daad3194cdbeed59f36 in isis's branch refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=aaec51e ]
ISIS-746: only get roles from realm(s) which subject was authenticated.
Note that Shiro itself will get the perms from those roles only from the realms against which was authenticated. So this change is just about the way in which Isis gleans the roles to pop into the UserMemento#getRoles().
> When multiple realms configured for Shiro, should be more intelligent about obtaining roles from those realms
> -------------------------------------------------------------------------------------------------------------
>
> Key: ISIS-746
> URL: https://issues.apache.org/jira/browse/ISIS-746
> Project: Isis
> Issue Type: Bug
> Affects Versions: security-shiro-1.4.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Priority: Minor
> Fix For: security-shiro-1.4.2
>
>
> We currently attempt to obtain roles for realms that did *not* authenticate the token.
> Ideally, should only ask for roles from the realms that authenticated the token.
> As a workaround, should (as currently) query all realms but then catch and ignore any exceptions thrown by those realms that did not authenticate the token.
--
This message was sent by Atlassian JIRA
(v6.2#6252)