[jira] [Updated] (SHIRO-465) Support externalized principal mapping in AuthenticatingRealm and ModularRealmAuthenticator

Wed, 06 Jul 2016 12:23:31 -0700 

     [ 
https://issues.apache.org/jira/browse/SHIRO-465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brian Demers updated SHIRO-465:
-------------------------------
    Fix Version/s:     (was: 1.3.0)
                   2.0.0

Something similar can be accomplished by adding an an additional Realm that 
handles Authorization, 

See also: 
http://shiro.apache.org/authorization.html#Authorization-Configuringaglobal%7B%7BRolePermissionResolver%7D%7D
(not exactly the same, but this will allow for mapping roles from a realm to 
application specific permissions)

That said, for 2.0, work in this area is planned: 
https://cwiki.apache.org/confluence/display/SHIRO/Version+2+Brainstorming#Version2Brainstorming-Realmrefactoring

*NOTE:* Adding 2.0.0 as the fix version so we can link this issue


> Support externalized principal mapping in AuthenticatingRealm and 
> ModularRealmAuthenticator
> -------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-465
>                 URL: https://issues.apache.org/jira/browse/SHIRO-465
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Authentication (log-in)
>    Affects Versions: 1.2.2
>            Reporter: Kevin Minder
>              Labels: patch, patch-with-test
>             Fix For: 2.0.0
>
>         Attachments: 
> SHIRO-465__Support_externalized_principal_mapping_in_AuthenticatingRealm_and_ModularRealmA.patch
>
>
> The basic idea is to provide a plug-in point that can be used to resolve 
> principals to things like groups or effective principals. The primary use 
> case that is driving this for me is to be able to resolve authenticated 
> principals to a set of groups where that user to group mapping is external to 
> the user repository.  In addition other mappings can be done like mapping a 
> real user principal to an effective user principal.  This would be useful 
> when a translation is required from an external identity store (e.g. LDAP) to 
> some application specific identities.  The existing pattern for things like 
> RolePermissionResolver should be followed for consistency.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to