Hi, I am trying to integrate Shiro with LDAP auth.

I have followed the setup guide on https://zeppelin.apache.org/docs/latest/setup/security/shiro_authentication.html and noticed one issue. The example refers to this configuration:

    ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *

Per the Shiro implementation <https://github.com/apache/shiro/blob/master/config/ogdl/src/main/java/org/apache/shiro/config/ReflectionBuilder.java#L470-L486>, the right format should be:

    ldapRealm.permissionsByRole= user_role : "*:ToDoItemsJdo:*:*, *:ToDoItem:*:*", admin_role: *

However, even if I use this format, I still could not get the correct *permissionsByRole* field in my *LdapRealm* object. The issue seems to lie in the fact that the field is defined as *Map<String, List<String>>* and the current Shiro ini format cannot take care of such nested collection types. (This is the only field in the class with a nested collection type.) The parsing of the ini file will skip this particular configuration and the generated *LdapRealm* object will have null *permissionsByRole*. (Please refer to the attached sample *shiro.ini* and *ShiroTest.java* to illustrate this problem.)

If I change the configuration to

    ldapRealm.permissionsByRole[user_role] = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*
    ldapRealm.permissionsByRole[admin_role] = *

the parsing of the ini file will result in a *Map<String, String>* field and will hit a type mismatch downstream when checking for permissions.

Thanks
Yan
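An added illustration, not part of the message above and not Shiro or Zeppelin code: a stand-alone Java program that parses the documented single-string value into the *Map<String, List<String>>* shape the message describes, then shows how a flat *Map<String, String>* placed in that slot only fails when a permission list is read. The class name, the `parse` helper and the flat sample map are hypothetical and constructed for the illustration.

```java
import java.util.*;

// Hypothetical helper for illustration; not Shiro or Zeppelin code.
public class PermissionsByRoleDemo {

    // Parses "role = perm, perm; role = perm" into role -> list of permissions.
    static Map<String, List<String>> parse(String value) {
        Map<String, List<String>> result = new LinkedHashMap<>();
        for (String entry : value.split(";")) {
            if (entry.trim().isEmpty()) continue;          // tolerate a trailing ';'
            int eq = entry.indexOf('=');
            if (eq < 0) throw new IllegalArgumentException("missing '=' in: " + entry.trim());
            String role = entry.substring(0, eq).trim();
            if (role.isEmpty()) throw new IllegalArgumentException("empty role in: " + entry.trim());
            List<String> perms = new ArrayList<>();
            for (String p : entry.substring(eq + 1).split(",")) {
                if (!p.trim().isEmpty()) perms.add(p.trim());
            }
            result.put(role, perms);
        }
        return result;
    }

    @SuppressWarnings("unchecked")
    public static void main(String[] args) {
        // Value copied from the configuration line quoted in the message.
        String documented = "user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *";
        Map<String, List<String>> nested = parse(documented);
        System.out.println(nested);

        // Constructed flat map, the shape the indexed form is reported to produce.
        Map<String, String> flat = new LinkedHashMap<>();
        flat.put("admin_role", "*");
        // Generic type arguments are erased at run time, so this assignment succeeds.
        Map<String, List<String>> mistyped = (Map<String, List<String>>) (Map<?, ?>) flat;
        try {
            List<String> perms = mistyped.get("admin_role"); // the cast to List fails here
            System.out.println(perms);
        } catch (ClassCastException e) {
            System.out.println("type mismatch on read: " + e.getMessage());
        }
    }
}
```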