I have attempted to search the archives but have been unable to find anything on this subject. If it¹s been discussed before, can anybody clue me into search terms?
I¹ve noticed that it does not appear that any of the built-in realms in Shiro support the concept of role inheritance roleA inherits permissions from roleB. I can see situations in where this would be valuable, particularly in combining multiple realms in an authorization scheme. I am curious as to whether this sort of functionality has been considered before, and what are the thoughts on it? Would contributions to this effect be welcomed? In particular, I am considering a situation where an application defines fine-grained permissions but also defines a set of roles (admin, reader, writer) that have a default set of permissions. An organizational ldap schema might define users and their organizational-oriented groups (developer, tester, sysadmin, manager, etc). Being able to map organizational roles to the default application roles could make integrating an application into an existing infrastructure considerably easier. Are there other solutions for doing this sort of thing? This also brings me to a related question. Is there any reason that the default realms don¹t implement / support the RolePermissionResolver interface? Again, this seems like it could be useful in combining application-specific configuration with organization-specific configuration. I seek your thoughts and comments. Thank you, Jared
