Hi, It's a very normal use case. By default, you can do two things using the *CasRealm*: - grant default roles to an authenticated user, these roles are defined in the /defaultRoles/ property: https://github.com/apache/shiro/blob/trunk/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L85 - read a user's property as a list of roles separated by a comma, the attribute name is defined by the /roleAttributeNames/ property: https://github.com/apache/shiro/blob/trunk/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L91.
You have the same mechanism for permissions. If you to grant roles with a more elaborated computation, you need to create a custom realm, inheriting from *CasRealm* and override the /doGetAuthorizationInfo/ method with the appropriate behaviour you want to implement. Best regards, Jérôme -- View this message in context: http://shiro-user.582556.n2.nabble.com/how-to-change-user-role-using-Cas-Shiro-JSF-tp7579478p7579479.html Sent from the Shiro User mailing list archive at Nabble.com.
