Hi folks, We have an integration between Apache Isis [1] and Shiro. One of the things we try to do is to obtain the roles of the subject so we can expose this to the application [2]
However, it's clear when I wrote this that I misunderstood the way that Shiro works. As I understand it, Shiro will - depending on the configured AuthenticationStrategy - authenticate based on possibly just one of the realms defining that user. When I loop around to obtain the roles for the user, I really only want to ask the realm that authenticated that user, not any of the others. As you can see in [2], I'm currently asking all the realms for the roles for the user; and this then blows up. So the question is: is there a way to determine which realm(s) a subject has been authenticated by? Hope the question makes sense... Thx Dan [1] http://isis.apache.org/documentation.html#security [2] https://github.com/apache/isis/blob/5a7379335f59e408b5a28ceb488e2d3ef6e65a03/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java#L180
