Hi,

I'm not sure I clearly follow this discussion. But if it might help, here are some inputs:

- the authenticated user identity is a collection of principals (identity/attribute), the first principal must be unique and each principal is normally associated with the realm which has created it.
- the /doAuthenticationInfo/ method creates the principals (= authenticated user identity) and the /doGetAuthorizationInfo/ method grants the roles and the permissions according to these principals given as input
- each realm indicates which kind of token "it works on", through the /supports/ method.

I had in mind that realm name cannot be omitted, so I don't understand why you can have principals but no principals realm except if you query the wrong realm name. I advise you to read the Javadoc regarding the *Realm* and *PrincipalCollection* interfaces and the *SimplePrincipalCollection* class for example.

Best regards,
Jérôme

--
View this message in context: http://shiro-user.582556.n2.nabble.com/help-understanding-doGetAuthorizationInfo-PrincipalCollection-principals-tp7578443p7578449.html
Sent from the Shiro User mailing list archive at Nabble.com.
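
An added example, not part of the original message and not Shiro's own code: a small custom realm showing how principals are filed under the realm name at authentication time and read back with the same name at authorization time. The class name `ExampleRealm`, the realm name, and the in-memory user, role and permission values are assumptions constructed for illustration.

```java
import java.util.Collection;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

// Hypothetical realm; the user table below is constructed sample data.
// A real realm would store hashed credentials and set a hashing credentials matcher.
public class ExampleRealm extends AuthorizingRealm {
    private static final Map<String, String> PASSWORDS = Map.of("alice", "constructed-password");
    private static final Map<String, String> ROLES = Map.of("alice", "admin");

    public ExampleRealm() {
        setName("exampleRealm"); // principals created here are stored under this name
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        // Declares which kind of token this realm works on.
        return token instanceof UsernamePasswordToken;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        String stored = (username == null) ? null : PASSWORDS.get(username);
        if (stored == null) {
            throw new UnknownAccountException("unknown account");
        }
        // Associate the principal with this realm's name; Shiro's credentials
        // matcher then compares the submitted password with 'stored'.
        PrincipalCollection principals = new SimplePrincipalCollection(username, getName());
        return new SimpleAuthenticationInfo(principals, stored);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Only principals created by this realm; empty if another realm authenticated
        // the user or if the name queried differs from the one used above.
        Collection<?> mine = principals.fromRealm(getName());
        if (mine == null || mine.isEmpty()) {
            return info; // grant nothing rather than guess
        }
        for (Object p : mine) {
            String role = ROLES.get(String.valueOf(p));
            if (role != null) {
                info.addRole(role);
                info.addStringPermission("document:read");
            }
        }
        return info;
    }
}
```

If `fromRealm(...)` comes back empty while `getPrimaryPrincipal()` is non-null, comparing `principals.getRealmNames()` with `getName()` shows whether the lookup is using a different realm name than the one the principals were stored under.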
