I have the same problem with a "UserService" who is used to authenticate the user and manage users account. The service is a local implementation who consume a REST web service protected with Shiro.
1. When I want to use the service to authenticate the user, I use it as "system" who is a special account. 2. When the user has been authenticated, I create a new instance of this service who use the user account. On Thu, Jun 9, 2011 at 4:07 AM, David Woods <[email protected]> wrote: > Wouldn't the access to the data source be using the authentication > details of your *application*, rather than those of the *user*? > > On 09/06/2011, at 2:05 PM, juminoz <[email protected]> wrote: > > > How would you go around this problem? > > > > User case: > > 1) Application uses Shiro framework to do authentication by connecting > > through a data source using a custom realm. > > 2) That data source is also using Shiro framework to do authentication. > > > > Since you can't access the data source to authenticate, you can't > actually > > authenticate to use the data source. > > > > Any creative idea? > > > > Thanks, > > Jack > > > > -- > > View this message in context: > http://shiro-user.582556.n2.nabble.com/Chicken-Egg-Issue-on-Security-tp6456259p6456259.html > > Sent from the Shiro User mailing list archive at Nabble.com. > -- Gervais Blaise <[email protected]>
