0 down vote favorite
I am newbie in spring and shiro platform.
I have two url sets "/admin/--" and "/vendor/--". Both client sets are
authenticating with specific realms. I have extended
ModularRealmAuthenticator class to choose correct realm for authenticating.
ModularRealmAuthenticator.java
@Override
protected AuthenticationInfo doAuthenticate(AuthenticationToken
authenticationToken) throws AuthenticationException {
assertRealmsConfigured();
MultiLoginAuthenticationToken mlat = null;
Realm loginRealm = null;
if (!(authenticationToken instanceof MultiLoginAuthenticationToken)) {
throw new AuthenticationException("Unrecognized token , not a typeof
MultiLoginAuthenticationToken ");
} else {
mlat = (MultiLoginAuthenticationToken) authenticationToken;
logger.debug("realm name is : {}", mlat.getRealmName());
loginRealm = lookupRealm(mlat.getRealmName());
}
return doSingleRealmAuthentication(loginRealm, mlat);
}
protected Realm lookupRealm(String realmName) throws AuthenticationException
{
Collection<Realm> realms = getRealms();
for (Realm realm : realms) {
if (realm.getName().equalsIgnoreCase(realmName)) {
logger.debug("look up realm name is : {}", realm.getName());
return realm;
}
}
throw new AuthenticationException("No realm configured for Client " +
realmName);
}
But while I am assigning role and permissions from different set of
datasource to both clients (Admin and vendor). It is iterating the realms in
order which I have defined in applicationContext.xml file.
My ApplicationContext.xml
<bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="authenticator">
<bean class="com.yatra.mp.security.MultiLoginAuthenticator"/>
</property>
<property name="realms">
<util:list>
<ref bean="adminAuthRealm" />
<ref bean="vendorAuthRealm" />
</util:list>
</property>
<property name="cacheManager" ref="cacheManager" />
</bean>
In both of realms are extending AuthorizingRealm class and both are having
doGetAuthorizationInfo and doGetAuthenticationInfo method. In which I have
defined my custom implementation.
Could you please help me out in this. It's really urgent. I have searched
many things in Google but couldn't find proper solution. Is it necessary to
extend ModularRealmAuthorizer class. If yes, could you please tell me which
method I have override?
Thanks in advance Ankit
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/How-to-get-specific-realm-from-Multiple-realms-for-authorization-in-shiro-tp7580069.html
Sent from the Shiro User mailing list archive at Nabble.com.
