Hi, I've used Shiro a while back and I really think it is easy to use, but now I've got an interesting problem. I'm hoping someone has done something similar and would be able to help.
I've got a distributed application, each domain deployed separately. For example, if it were an insurance system, think of policy administration, claims services and billing deployed as separate EJB services (no UI). In addition to the business domains, I also have a centralized security services system which creates and maintains sessions for users. The roles and permissions are managed in a custom database and I have an AuthorizingRealm deployed with my security services EJB. I would also use an EnterpriseCacheSessionDAO which is backed by EhCache in distributed mode. In each of my business domain EJBs I would have an interceptor to verify if the caller's session has the appropriate privileges to invoke the service.

So, the general workflow would be:

1. UI applications create a session for the user. This is done by calling the Security Service beans.
2. UI applications call the business services based on user actions. This has to validate permissions based on the session id from step (1).
3. UI applications invalidate the session when the user logs out.

I would like to have a lightweight jar that is bundled with each of the domain deployables that uses a Shiro SecurityManager to look up the roles and permissions from the Cache. I do not want each business domain deployable contacting the security database. Is this possible with Shiro?

I tried a simple PoC using 2 SecurityManagers running in different threads (to simulate different SecurityManagers in JVMs) but I do not know how the Realm for the SecurityManager that does the permission check is supposed to work. I think I need a way to look up the session using a session Id along with the roles and privileges for that user. Currently I get an error because the Realm is not configured.

Thanks,
Deepu Roy

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Privilege-checks-across-requests-in-distributed-applications-tp7580188.html
Sent from the Shiro User mailing list archive at Nabble.com.
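The layout described in the post, as an added example that is not code from the original message or from the Shiro project: two DefaultSecurityManagers in one JVM that share a single CacheManager (a MemoryConstrainedCacheManager stands in for the distributed EhCache so the demo runs offline), where the security-service realm is the only one that reads the roles/permissions store and the domain-side realm answers only from the shared authorization cache that Shiro's AuthorizingRealm already maintains. The two realm classes, the cache name, the user "alice" with her password, role and permissions, and the helper names are all constructed for this example; it assumes Shiro 1.x core on Java 11 or later.

```java
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class SharedCacheAuthzDemo {
    // Both realms name the same cache, so the entry the security service writes is what the domains read.
    static final String AUTHZ_CACHE = "securityService.authorizationCache";

    /** Deployed only with the security service: the one component that reads the roles/permissions DB. */
    static class SecurityServiceRealm extends AuthorizingRealm {
        // Constructed stand-in for the custom security database (plaintext only to keep the demo short).
        private final Map<String, String> passwords = Map.of("alice", "s3cret");
        private final Map<String, Set<String>> roles = Map.of("alice", Set.of("policyAdmin"));
        private final Map<String, Set<String>> perms = Map.of("alice", Set.of("policy:read", "policy:write"));

        SecurityServiceRealm() {
            setName("securityService");
            setAuthorizationCachingEnabled(true);
            setAuthorizationCacheName(AUTHZ_CACHE); // before any CacheManager arrives: the cache is created lazily by name
        }
        @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = (String) token.getPrincipal();
            String pw = passwords.get(user);
            return pw == null ? null : new SimpleAuthenticationInfo(user, pw, getName()); // null -> UnknownAccountException
        }
        @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String user = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(new HashSet<>(roles.getOrDefault(user, Set.of())));
            info.setStringPermissions(new HashSet<>(perms.getOrDefault(user, Set.of())));
            return info;
        }
        /** Put the user's AuthorizationInfo into the shared cache at login, so domains never miss for a live session. */
        void preloadAuthorization(PrincipalCollection principals) { getAuthorizationInfo(principals); }
    }

    /** Bundled with every business domain: answers only from the shared cache and never touches the DB. */
    static class CacheOnlyRealm extends AuthorizingRealm {
        CacheOnlyRealm() {
            setAuthorizationCachingEnabled(true);
            setAuthorizationCacheName(AUTHZ_CACHE);
        }
        @Override public boolean supports(AuthenticationToken token) { return false; } // nobody logs in at a domain
        @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            throw new UnsupportedOperationException("authenticate through the security service");
        }
        @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return null; // cache miss (logged out, evicted, never loaded): fail closed, no DB fallback
        }
    }

    /** One SecurityManager per deployable; the shared CacheManager backs both the session DAO and the realm cache. */
    static DefaultSecurityManager newSecurityManager(Realm realm, CacheManager sharedCache) {
        DefaultSessionManager sessions = new DefaultSessionManager();
        sessions.setSessionDAO(new EnterpriseCacheSessionDAO()); // sessions exist only in the (shared) cache
        sessions.setSessionValidationSchedulerEnabled(false);     // no background validation thread in the demo
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        sm.setSessionManager(sessions);
        sm.setCacheManager(sharedCache); // propagated to the realm and, via the session manager, to the DAO
        return sm;
    }

    /** The domain-side interceptor: rebuild the caller from the session id it passed and check the permission. */
    static boolean callerMay(SecurityManager domain, Serializable sessionId, String permission) {
        Subject caller = new Subject.Builder(domain).sessionId(sessionId).buildSubject();
        // An unknown, expired or stopped session id yields an anonymous Subject, so both checks fail closed.
        return caller.isAuthenticated() && caller.isPermitted(permission);
    }

    public static void main(String[] args) {
        CacheManager sharedCache = new MemoryConstrainedCacheManager(); // EhCacheManager in the real deployment
        SecurityServiceRealm central = new SecurityServiceRealm();
        SecurityManager securityService = newSecurityManager(central, sharedCache);
        SecurityManager policyDomain = newSecurityManager(new CacheOnlyRealm(), sharedCache);

        // 1. The UI creates a session through the security service.
        Subject user = new Subject.Builder(securityService).buildSubject();
        user.login(new UsernamePasswordToken("alice", "s3cret"));
        central.preloadAuthorization(user.getPrincipals());
        Serializable sessionId = user.getSession().getId();

        // 2. The UI calls the domain, passing only the session id (treat it as a bearer credential).
        System.out.println("policy:write  -> " + callerMay(policyDomain, sessionId, "policy:write"));
        System.out.println("billing:write -> " + callerMay(policyDomain, sessionId, "billing:write"));
        System.out.println("bogus session -> " + callerMay(policyDomain, "no-such-session", "policy:read"));

        // 3. The UI logs out through the security service: the session is stopped and the cache entry cleared.
        user.logout();
        System.out.println("after logout  -> " + callerMay(policyDomain, sessionId, "policy:write"));
    }
}
```

The domain-side manager still needs a realm, because ModularRealmAuthorizer refuses every check when none is configured; here that realm is deliberately unable to authenticate and returns null on a cache miss, so the only way a domain grants anything is through an entry the security service wrote. Subject.Builder.sessionId(...) recovers the caller's principals from the session held in the shared DAO, and AuthorizingRealm looks up the AuthorizationInfo by that PrincipalCollection in the cache both realms share by name. Two caveats for the real deployment: the session id is a bearer credential, so the UI-to-EJB hops need TLS or an authenticated transport; and a permission change in the database reaches the domains only after the security service clears the cached entry (clearCachedAuthorizationInfo) or the user logs in again. With real EhCache in distributed mode the cached PrincipalCollection and AuthorizationInfo are serialized, which Shiro's SimplePrincipalCollection and SimpleAuthorizationInfo support.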
