OK, thanks, will do. Dan
On 17 March 2014 13:21, Brian Demers <[email protected]> wrote: > Take a look at the PrincipalCollection > > http://shiro.apache.org/static/1.2.3/apidocs/org/apache/shiro/subject/PrincipalCollection.html > > from subject.getPrincipals() > > > On Mon, Mar 17, 2014 at 8:09 AM, Dan Haywood <[email protected] > > wrote: > >> Hi folks, >> >> We have an integration between Apache Isis [1] and Shiro. One of the >> things we try to do is to obtain the roles of the subject so we can expose >> this to the application [2] >> >> However, it's clear when I wrote this that I misunderstood the way that >> Shiro works. As I understand it, Shiro will - depending on the configured >> AuthenticationStrategy - authenticate based on possibly just one of the >> realms defining that user. >> >> When I loop around to obtain the roles for the user, I really only want >> to ask the realm that authenticated that user, not any of the others. As >> you can see in [2], I'm currently asking all the realms for the roles for >> the user; and this then blows up. >> >> So the question is: is there a way to determine which realm(s) a subject >> has been authenticated by? >> >> Hope the question makes sense... >> >> Thx >> Dan >> >> >> [1] http://isis.apache.org/documentation.html#security >> [2] >> https://github.com/apache/isis/blob/5a7379335f59e408b5a28ceb488e2d3ef6e65a03/component/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizor.java#L180 >> > >
