Right, that makes sense. I've just tried this and it would work only if I didn't have this other particularity in my setup! Bear with me this is not a simple case...
I have 2 realms. One is an IniRealm and another, CustomRealm. The IniRealm resolves WildcardPermissions and CustomRealm resolves SpatialPermissions. I have a RolePermissionResolver set on both (through the ModularRealmAuthorizer). Since the RolePermissionResolver resolves Permission instances, it resolves to SpatialPermission instances for both. This results in: * the IniRealm compares WildcardPersmission with SpatialPermission (one never implies the other) * the CustomRealm doesn't see the IniRealm roles, so it can't resolve any SpatialPermission The end goal was to test SpatialPermissions within the CustomRealm: the ones for the user's roles with the ones obtained by parsing the permission strings to test... It's clear that I need the later case: roles need to be available in my CustomRealm to encapsulate everything in there. Any idea how I can go around this "limitation" and still keep extensibility (users can define there own authentication realms)? Thanks, Philippe -- View this message in context: http://shiro-user.582556.n2.nabble.com/Multiple-realms-and-roles-tp6178792p6186098.html Sent from the Shiro User mailing list archive at Nabble.com.
