[
https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149728#comment-14149728
]
Les Hazlewood commented on SHIRO-492:
-------------------------------------
This may not be possible: some Realm implementations may not be able to expose
all Roles associated with an account identity. This is why the check is on the
Realm interface - to allow the Realm to determine if it can represent them in
memory or if it needs to query an external system.
Shiro already 'merges' roles from multiple backends computationally (a Realm
role check is executed in iteration order, and any realm can say 'yes' to the
Realm check).
Out of curiosity, why is the current feature set (subject.hasRole(roleName))
not sufficient? I'm just trying to understand the use case.
> Subject.getRoles() functionality
> --------------------------------
>
> Key: SHIRO-492
> URL: https://issues.apache.org/jira/browse/SHIRO-492
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: John Vines
>
> Currently shiro provides the ability to respond whether or not a user has a
> list of Authorizations. However, while the realms have methods for getting
> all authorizations (protected), these are not exposed in normal use to allow
> asking for all Roles. This should be exposed by adding a call to Subject to
> getRoles, to complement it's existing hasRoles calls. This may require making
> some of the calls around authorizations, like getAuthorizationInfo in
> AuthorizingRealm, public.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
