Take a look at the PrincipalCollection http://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/subject/PrincipalCollection.html
from subject.getPrincipals() On Mon, Mar 17, 2014 at 8:09 AM, Dan Haywood <[email protected]>wrote: > Hi folks, > > We have an integration between Apache Isis [1] and Shiro. One of the > things we try to do is to obtain the roles of the subject so we can expose > this to the application [2] > > However, it's clear when I wrote this that I misunderstood the way that > Shiro works. As I understand it, Shiro will - depending on the configured > AuthenticationStrategy - authenticate based on possibly just one of the > realms defining that user. > > When I loop around to obtain the roles for the user, I really only want to > ask the realm that authenticated that user, not any of the others. As you > can see in [2], I'm currently asking all the realms for the roles for the > user; and this then blows up. > > So the question is: is there a way to determine which realm(s) a subject > has been authenticated by? > > Hope the question makes sense... > > Thx > Dan > > > [1] http://isis.apache.org/documentation.html#security > [2] > https://github.com/apache/isis/blob/5a7379335f59e408b5a28ceb488e2d3ef6e65a03/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java#L180 >
