On Mon, Dec 9, 2013 at 9:38 AM, stenrap <[email protected]> wrote:

> This is what I thought, and have already tried. But I'm not sure how to get
> into my doGetAuthenticationInfo() method without calling the login() method
> on the subject (and passing a fake UsernamePasswordToken).


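# shiro.ini
[main]
myRealm = com.whatever.your.realm.that.implements.getAuthorizationInfo
securityManager.realms = $myRealm

// Java code:
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

// Build a Subject for an already-known identity; login() is never called.
SimplePrincipalCollection identity = new SimplePrincipalCollection(userId, "myRealm");
Subject subject = new Subject.Builder(securityManager).principals(identity).buildSubject();
// Both checks go to the realm's authorization lookup.
subject.hasRole("foo");
subject.isPermitted("some:permission:here");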

No authentication is required because authentication and authorization are
orthogonal by design.

HTH,

Les
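
Added example (not part of the original message and not Shiro project code): a self-contained version of the snippet above with a hypothetical in-memory realm, showing that the role and permission checks reach doGetAuthorizationInfo() while doGetAuthenticationInfo() is never invoked. MyRealm, the user "alice" and her grants are constructed for illustration; because the builder trusts whatever identity it is handed, userId is assumed to come from a source that has already verified it.

```java
// Requires shiro-core on the classpath.
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class AuthzOnlyDemo {

    // Hypothetical realm: grants are a constructed in-memory rule, not a real user store.
    static class MyRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            if ("alice".equals(principals.getPrimaryPrincipal())) {
                info.addRole("foo");
                info.addStringPermission("some:permission:here");
            }
            return info; // unknown identities get no roles and no permissions
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            // Reached only through subject.login(); the checks in main() never call it.
            throw new AuthenticationException("login is not supported by this realm");
        }
    }

    public static void main(String[] args) {
        MyRealm realm = new MyRealm();
        realm.setName("myRealm");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // Assumption: userId was verified upstream; Shiro does not check it here.
        String userId = "alice";
        SimplePrincipalCollection identity = new SimplePrincipalCollection(userId, "myRealm");
        Subject subject = new Subject.Builder(securityManager).principals(identity).buildSubject();

        System.out.println("authenticated: " + subject.isAuthenticated());
        System.out.println("hasRole(foo): " + subject.hasRole("foo"));
        System.out.println("isPermitted(some:permission:here): "
                + subject.isPermitted("some:permission:here"));
        System.out.println("isPermitted(other:thing): " + subject.isPermitted("other:thing"));
    }
}
```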
