Hey there There is never or no need to know the URL in realm ... you wil have to rething the logic. why ? Because realm is just a stupid back-end code to load auth or authz data for "someone" ... So all the logic must be done in your rest methods should you require it:
for example: Subject s = SecurityUtils.getSubject(); s.isAuthenticated(); s.isPermitted(..); this is all you need ... athough you must provide the "login" url so the realms are called and auth and authz code is executed ... So for your case ... 1. Create UsersRealm and DevicesRealm - Users, devices realm Write your own AutorizationFilter and set it to your urls in ini ... /devices/** = myDevicesFilter /users/** = myUsersFilter myDevicesFilter should create DeviceAuthToken and your DevicesRealm should return DeviceAuthToken class as it's token class myUsersFilter should create UserAuthToken and your UserRealm should return UserAuthToken class as it's token class 2. when you protect your URLs in shiro.ini you can get authenticated user with Subject s = SecurityUtils.getSubject(); s.getPrincipal() or s.getPrincipals(); that's all you need .. to get suibject data load it when appropriate ;) This should do it ;) but for the sake of understanding ... please re-read the docs .. and do ask if anything is unclear. We will be glad to help you! Regards -- View this message in context: http://shiro-user.582556.n2.nabble.com/Is-it-possible-to-get-the-URL-in-doGetAuthenticationInfo-tp7581716p7581720.html Sent from the Shiro User mailing list archive at Nabble.com.
