[
https://issues.apache.org/jira/browse/SHIRO-371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13411957#comment-13411957
]
Jared Bunting commented on SHIRO-371:
-------------------------------------
It does, and that allows it to use a RolePermissionResolver. But it doesn't
implement RolePermissionResolver, which would allow it to be used as a
RolePermissionResolver.
> SimpleAccountRealm should implement RolePermissionResolver
> ----------------------------------------------------------
>
> Key: SHIRO-371
> URL: https://issues.apache.org/jira/browse/SHIRO-371
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control) , Configuration, Realms
> Reporter: Jared Bunting
> Assignee: Jared Bunting
> Priority: Minor
>
> It seems to be a valid use case to have an external user management system
> (ldap, active directory, etc) manage users and the roles that they are in.
> However, since permissions are often application-dependent, it is not
> uncommon to map roles to permissions at the application level. The shiro.ini
> file seems a perfect place to do this, but it is non-trivial to allow a
> different realm (again, ldap or active directory) to use the role->permission
> mappings place in the ini file. If the SimpleAccountRealm implemented
> RolePermissionResolver, then it could be done as simply as:
> myRealm = com.example.MyCustomRealm
> myRealm.rolePermissionResolver = $iniRealm
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
