[ https://issues.apache.org/jira/browse/ISIS-746?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941645#comment-13941645 ]
ASF subversion and git services commented on ISIS-746:
------------------------------------------------------
Commit aaec51e517ef00d702639daad3194cdbeed59f36 in isis's branch
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=aaec51e ]
ISIS-746: only get roles from realm(s) which subject was authenticated.
Note that Shiro itself will get the perms from those roles only from the realms
against which the subject was authenticated. So this change is just about the way
in which Isis gleans the roles to pop into the UserMemento#getRoles().
> When multiple realms configured for Shiro, should be more intelligent about
> obtaining roles from those realms
> -------------------------------------------------------------------------------------------------------------
>
> Key: ISIS-746
> URL: https://issues.apache.org/jira/browse/ISIS-746
> Project: Isis
> Issue Type: Bug
> Affects Versions: security-shiro-1.4.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Priority: Minor
> Fix For: security-shiro-1.4.2
>
>
> We currently attempt to obtain roles for realms that did *not* authenticate
> the token.
> Ideally, should only ask for roles from the realms that authenticated the
> token.
> As a workaround, should (as currently) query all realms but then catch and
> ignore any exceptions thrown by those realms that did not authenticate the
> token.
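
The role lookup described in the commit message above, as an added example that is not the code from the Isis commit: it collects roles only from realms whose names appear in the subject's principal collection. `AuthenticatedRealmRoles` and `rolesOf` are hypothetical names, and it assumes each realm returns an `AuthenticationInfo` that also implements `AuthorizationInfo` (as Shiro's `SimpleAccount` does).

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.mgt.RealmSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

// Hypothetical helper (not an Isis or Shiro class).
public final class AuthenticatedRealmRoles {

    private AuthenticatedRealmRoles() {
    }

    /** Roles for the subject, taken only from the realms that authenticated it. */
    public static Set<String> rolesOf(RealmSecurityManager securityManager,
                                      Subject subject,
                                      AuthenticationToken token) {
        Set<String> roles = new LinkedHashSet<>();

        // No principals means no realm authenticated the subject: no roles.
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null) {
            return roles;
        }
        // Shiro records, per principal, the name of the realm that supplied it.
        Set<String> authenticatedRealms = principals.getRealmNames();

        for (Realm realm : securityManager.getRealms()) {
            // Skip realms that did not authenticate the token, so they are never
            // queried and cannot throw for a user they do not know.
            if (!authenticatedRealms.contains(realm.getName()) || !realm.supports(token)) {
                continue;
            }
            AuthenticationInfo info = realm.getAuthenticationInfo(token);
            // Assumption: the realm returns an Account-style object carrying roles.
            if (info instanceof AuthorizationInfo) {
                Collection<String> realmRoles = ((AuthorizationInfo) info).getRoles();
                if (realmRoles != null) {
                    roles.addAll(realmRoles);
                }
            }
        }
        return roles;
    }
}
```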