Hmmm… as far as I can tell, hasRole() does only look up in a hash map. Are you sure that has the performance implications you think it does? FYI I was just looking at the code, and I don’t see an issue there.
> On Sep 21, 2025, at 5:12 PM, Andreas Reichel <[email protected]> > wrote: > > Greetings. > > I have a very complex Shiro Active Directory setup with 20 realms and each > has a role map with 10 elements. > Querying AD one by one takes long of course. And so I do wonder: > > > 1) ActiveDirectoryRealm extends AuthorizingRealm > > 2) AuthorizingRealm provides the method > > protected boolean[] hasRoles(List<String> roleIdentifiers, AuthorizationInfo > info) > > (Which still loops through one by one, calling `hasRole(roleName, info);`). > > 3) ActiveDirectoryRealm provides the method > > protected Set<String> getRoleNamesForUser(String username, LdapContext > ldapContext) > > which fetches all the `memberOf` attribute values at once. > > 4) But as far as I can see, ActiveDirectoryRealm does not override hasRoles() > to make use of getRoleNamesForUser() and I wonder why? Also, > > In case that is an oversight only, should I craft a PR? > > Thank you, best and cheers > Andreas
