[
https://issues.apache.org/jira/browse/KNOX-4?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13833129#comment-13833129
]
Dilli Arumugam commented on KNOX-4:
-----------------------------------
Would add a new class org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm
instead of using org.apache.isis.security.shiro.IsisLdapRealm as is. The
reasons:
Would like to remove the dependency on Google Collections introduced by
IsisLdapRealm.
KnoxLdapRealm requires some tweaks that are not in IsisLdapReal so that it can
be used as group lookup plugin in addition to an authorization realm.
> Extend Shiro Provider to Include Groups
> ---------------------------------------
>
> Key: KNOX-4
> URL: https://issues.apache.org/jira/browse/KNOX-4
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 0.2.0
> Reporter: Larry McCay
> Assignee: Dilli Arumugam
> Labels: Authorization, LDAP, Security, Shiro
> Fix For: 0.4.0
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> The OOTB Shiro JndiLdapRealm implementation does not provide authorization
> info - ie. group membership information. Extend the JndiLdapRealm to override
> queryForAuthorizationInfo() - for example see:
> http://stackoverflow.com/questions/12173492/shiro-jndildaprealm-authorization-agains-ldap
--
This message was sent by Atlassian JIRA
(v6.1#6144)
