Hi Rich,

On Thu, Jan 21, 2010 at 11:26 AM, rchristy <[email protected]> wrote:
> use the IniRealm and left the users empty (I don't want to have to duplicate
> all users/passwords in each Realm). However this didn't seem to work.

Yeah, roles don't have any value unless they're associated with user accounts somehow. The IniRealm doesn't know how to interact with user data outside of its own format.

> is it possible to have one Realm authenticate and another Realm map only
> roles (the same roles as defined in the first realm) to permissions? And if
> this is possible, does an existing realm in shiro already do this or is this
> something that would require me to implement a realm for.
>
> The idea here is that the same Subject instance would have
> user/passwords/roles defined in one realm and permissions for these roles
> defined in a different realm. Is this possible or am I misunderstanding the
> use of multiple realms.

Yes, this is possible - but do you want to make the roles-to-permissions association at startup for all roles? If so, one Realm (that associates permissions to roles) might need to find out what the roles are, possibly by communicating with the other Realm that does the authentication. Or do you want to make this association only after the user has authenticated and you know what the user's roles are?

- Les
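An added sketch of the second option discussed above (resolving permissions only after authentication, once the user's roles are known); it is not part of the original message or of Shiro's own code. The class name `RolePermissionRealm`, the `roleSource` reference to the authenticating realm, and the `permissionsByRole` map are hypothetical; roles with no entry in the map receive no permissions.

```java
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm that holds no accounts: it only maps roles, as reported
// by the authenticating realm, to permission strings.
public class RolePermissionRealm extends AuthorizingRealm {

    private final Authorizer roleSource;                        // the realm that owns users and roles
    private final Map<String, Set<String>> permissionsByRole;   // e.g. "admin" -> {"user:*"}

    public RolePermissionRealm(Authorizer roleSource,
                               Map<String, Set<String>> permissionsByRole) {
        this.roleSource = roleSource;
        this.permissionsByRole = permissionsByRole;
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        return false; // never takes part in authentication; the other realm does that
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return null; // no account data lives here
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Ask the authenticating realm which of the mapped roles this user holds,
        // and grant only the permissions mapped to those roles (default deny).
        for (Map.Entry<String, Set<String>> entry : permissionsByRole.entrySet()) {
            if (roleSource.hasRole(principals, entry.getKey())) {
                info.addStringPermissions(entry.getValue());
            }
        }
        return info;
    }
}
```

Both realms are registered with the security manager; role checks are answered by the authenticating realm and permission checks by this one.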
