Do you need to display a list of all the roles that your user has? Or just the roles that your application knows about?

For example, it is possible for an LDAP realm to return a list of roles that your application does not use. But if you start with a list of roles your application knows about, it is easy to query that list and see which ones your user has. Which is basically how this works:
https://github.com/apache/shiro/blob/1.3.x/samples/web/src/main/webapp/home.jsp#L49-L65
(or call 'Subject.hasRoles')

On Tue, Jul 26, 2016 at 4:02 PM, jonathan.labin <[email protected]> wrote:

> As it is, my authorizing realm cannot be used without an authentication
> realm. It returns a hard-coded value of false in
> supports(AuthenticationToken token) and expects an authenticatingRealm to
> place the username in the PrincipalCollection for lookups in the database.
>
> Hitting the database twice won't be a showstopper for me. I was just trying
> to confirm that I understood your suggestion correctly as I projected
> forward all that would need to be done.
>
> At the root, I'm simply trying to display in a footer of the web application
> some context for the active user so that it is clear who they are logged in
> as and what roles they have been granted.
>
> If there was a Shiro API call that returned all of the roles granted by all
> realms combined, that would be the end of this. But it doesn't seem to
> currently exist as far as I can tell. I assume this to support realms that
> do not obtain a full list at-login and instead handle each role/permission
> check as needed.
>
> Some user profile information is already being placed into the
> PrincipalCollection by the authentication realm (pac4j casClient). This
> profile object
> (
> https://github.com/pac4j/pac4j/blob/master/pac4j-core/src/main/java/org/pac4j/core/profile/UserProfile.java
> )
> contains various user attributes from the authentication back-end including
> roles that are assigned by that realm. My application currently displays
> this information on the footer.
>
> However, my authorization realm doesn't have a way to add the roles that it
> loads from a different database to the list of principals (for later display
> on the footer).
>
> I'll certainly look more into converting my authorizing realm into one with
> a no-op authentication but this will require some explicit documentation to
> ensure that it is always paired with an authenticating realm since on its
> own, it would blindly accept all credentials.
>
> Any other ideas would be helpful.
>
> Thanks.
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Principal-added-by-AuthorizingRealm-tp7581171p7581175.html
> Sent from the Shiro User mailing list archive at Nabble.com.
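
The approach suggested in the reply above, as an added example that is not part of the original thread or of Shiro's own code: start from the roles the application knows about and ask the Subject which of them it holds, for display in a footer. The class name `FooterRoles` and the role names in `KNOWN_ROLES` are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper: lists which application-known roles the current user holds. */
public final class FooterRoles {

    // Assumption: the complete set of role names this application ever checks.
    // Roles a realm (e.g. LDAP) returns that are not listed here are never shown.
    private static final List<String> KNOWN_ROLES =
            Collections.unmodifiableList(Arrays.asList("admin", "editor", "viewer"));

    private FooterRoles() { }

    /** Returns the subset of KNOWN_ROLES granted to the subject by any configured realm. */
    public static List<String> grantedRoles(Subject subject) {
        // Anonymous subjects hold no roles; skip the realm lookups entirely.
        if (subject == null || !(subject.isAuthenticated() || subject.isRemembered())) {
            return Collections.emptyList();
        }
        // One call; the result array is index-aligned with KNOWN_ROLES.
        boolean[] held = subject.hasRoles(KNOWN_ROLES);
        List<String> granted = new ArrayList<>();
        for (int i = 0; i < held.length; i++) {
            if (held[i]) {
                granted.add(KNOWN_ROLES.get(i));
            }
        }
        return Collections.unmodifiableList(granted);
    }

    /** Builds the footer line; the view layer must still HTML-escape it before output. */
    public static String footerText() {
        Subject subject = SecurityUtils.getSubject();
        Object principal = subject.getPrincipal();
        if (principal == null) {
            return "Not logged in";
        }
        return "Logged in as " + principal + " with roles " + grantedRoles(subject);
    }
}
```

Because the check goes through the SecurityManager, every configured realm that implements authorization is consulted, so the database-backed authorizing realm can keep returning false from supports(AuthenticationToken) and needs no no-op authentication path.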
