I am basically working on an enterprise Authentication module that will run on its own and I am trying to use shiro for that (so far very successfully). Right now I want to authenticate against Active Directory but house permissions based on roles as well as users in another data source (most likely a database). For cases that just map roles--to-permissions, that would be at start up since my roles are somewhat fixed. However the only way I was able to figure out how to do specific user based permissions was to also read it in at start up and have these cached ahead of the user logging in. For these cases, the data source would contain the userid so I could make associations, but not any password information. So my plan was to have my ActiveDirectoryRealm implementation use Active Directory to get populate the getRoles() but use this second data source to determine the permissions based on the roles/userid for the user as they login.
However I am open to other suggestions on how to implement this. Thanks, Rich -- View this message in context: http://n2.nabble.com/Multiple-Realms-tp4434653p4436000.html Sent from the Shiro User mailing list archive at Nabble.com.
