Jared Bunting created SHIRO-371:
-----------------------------------
Summary: SimpleAccountRealm should implement RolePermissionResolver
Key: SHIRO-371
URL: https://issues.apache.org/jira/browse/SHIRO-371
Project: Shiro
Issue Type: Improvement
Components: Authorization (access control) , Configuration, Realms
Reporter: Jared Bunting
Assignee: Jared Bunting
Priority: Minor
It seems to be a valid use case to have an external user management system
(ldap, active directory, etc) manage users and the roles that they are in.
However, since permissions are often application-dependent, it is not uncommon
to map roles to permissions at the application level. The shiro.ini file seems
a perfect place to do this, but it is non-trivial to allow a different realm
(again, ldap or active directory) to use the role->permission mappings place in
the ini file. If the SimpleAccountRealm implemented RolePermissionResolver,
then it could be done as simply as:
myRealm = com.example.MyCustomRealm
myRealm.rolePermissionResolver = $iniRealm
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
