It depends on what you want to do, in your authorizing realm the ' doGetAuthenticationInfo' method would just be a noop, configured with a ' AllowAllCredentialsMatcher'.
The downside here, this technique is heavily dependent on your configuration (as your authorizing realm could not be used without an Authentication realm. As for hitting the DB twice, that could also be very specific to your use case, but it is not uncommon to make two queries, one for authc and another for authz. Can you give a little more detail on what you are trying to do? On Tue, Jul 26, 2016 at 2:49 PM, jonathan.labin <[email protected]> wrote: > To clarify, are you saying that setting the authentication strategy to > AllSuccessfulStrategy will enable my authorization-only realm to provide a > principal object? > > I assume I'd need to change the authorization-only realm to support the > expected token type but perhaps not actually perform any authentication > behavior during doGetAuthenticationInfo? > Does it matter what is returned as the Credentials object in the > SimpleAuthenticationInfo created there? > > This also seems like this approach would require pulling the authorization > information from the database twice: once in doGetAuthenticationInfo to > populate the principal and again later during doGetAuthorizationInfo. Is > this correct? > > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Principal-added-by-AuthorizingRealm-tp7581171p7581173.html > Sent from the Shiro User mailing list archive at Nabble.com. >
