allow the use of shiro as Autorization only framework
-----------------------------------------------------
Key: SHIRO-311
URL: https://issues.apache.org/jira/browse/SHIRO-311
Project: Shiro
Issue Type: New Feature
Components: Authentication (log-in), Authorization (access control) ,
Configuration, Integration: JEE
Affects Versions: 1.1.0
Environment: java 6 , active directory
Reporter: Elhanan Maayan
currently shiro uses login as the only entry point to the application which
uses authentication and authorization procedures, defined in the chosen
subclasses realm.
however in many organization's intranet , a domain authentication is already
employed making the authentication process in shiro redundant.
in order to keep consistency with the framework, a new type of Token should be
created called AuthenticatedToken. the difference is shiro would be able to
create such a token in it's filter by inspecting getRemoteUer of the HTTP
request, which according to the spec is !=null only when the user is
authenticated.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
