Yep, this is the solution behind the 2nd question in my previous email :)
Your implementation of that method would find out the roles assigned
to the user, and then you could use whatever you wanted to acquire
permissions for those roles.
Using an IniRealm as an internal helper component should work in this
case because roles and their permissions are stored in SimpleRole
objects keyed by role name. If you use IniRealm (a subclass of
SimpleAccountRealm), you could call the SimpleAccountRealm.getRole()
object, get its permissions (simpleRole.getPermissions()) and just add
those directly to the AuthorizationInfo object you will return from
that method.
You could even have a nice configuration passthrough method on your
ActiveDirectoryRealm:
setPermissionAssignments( String roleToPermsConfig) {
String config = "[roles]\n" + roleToPermsConfig;
Ini ini = new Ini();
ini.load(config);
this.iniRealm = new IniRealm(ini);
}
Then reference the iniRealm in your queryForAuthorizationInfo method
to pull the Role objects with their permissions.
HTH,
Les
On Thu, Jan 21, 2010 at 12:57 PM, rchristy <[email protected]> wrote:
>
> OK looking into this a bit more, I see all i really need to do is make sure
> queryForAuthorizationInfo() implementation I made also implements the
> permissions (i.e. string and/or objects) when it builds the
> AuthorizationInfo. I have already implemented my own version of
> ActiveDirectoryRealm that has a slightly different implementation than the
> shiro version. So in my implementation of this, I can select a second data
> source that allows me to pull in the permissioning at the same time it
> authenticates agains ActiveDirectory when queryForAuthorizationInfo is
> invoked. Is this how it is expected to work in shiro?
>
> Thanks,
>
> Rich
> --
> View this message in context:
> http://n2.nabble.com/Multiple-Realms-tp4434653p4435273.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
