Just throwing something out there, would wildcard permissions work better than the role mapping strategy you have there? Also, do you ned multiple realms? What you are describing is highly unusual.
In any case, realms are resolved serially. Usually scalability is achieved via multiple threads (thread-per-user) and if your individual user takes too long to log in, it is indicative of a design issue somewhere in the system. > On Sep 7, 2024, at 4:04 AM, Andreas Reichel <[email protected]> > wrote: > > Greetings! > > We have a need for authorising against 120 possible roles as fast a possible. > Those roles are managed in Active Directory and the OU mapping is maintained > in a shiro.ini file. > > The roles are the product of: 2 applications for 20 legal entities and 5 > application roles. > > For the sake of maintenance of the shiro.ini file I am tempted to define 1 > realm for each application and entity, mapping those 5 application roles. > (Alternatively I could create the Shiro Configuration per Groovy Script > dynamically, if that provided any advantage.) > > Would that have any negative side effects? Are realms processed in parallel > or in serial? What was best practice for my use case please? > > Thank you big time in advance and warm regards > Andreas
