[
https://issues.apache.org/jira/browse/SHIRO-492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145318#comment-14145318
]
Terefang Verigorn commented on SHIRO-492:
-----------------------------------------
I also have a case for this, if AuthorizingRealm#getAuthorizationInfo() were
public.
The case looks like the following:
* authenticate against active directory server
* lookup roles from ads and map them to application roles in jdbc
* use user and ads/app-roles to do fine-grained permission checking via
http/soap/xacml to remote identity server (wso2-is)
My workaround is to use commons-lang/methodutils to call the method, which is
only working because the Tomcat security manager is currently disabled.
I also would like to merge roles from multiple backends.
> Subject.getRoles() functionality
> --------------------------------
>
> Key: SHIRO-492
> URL: https://issues.apache.org/jira/browse/SHIRO-492
> Project: Shiro
> Issue Type: Improvement
> Components: Authorization (access control)
> Reporter: John Vines
>
> Currently Shiro provides the ability to respond whether or not a user has a
> list of Authorizations. However, while the realms have methods for getting
> all authorizations (protected), these are not exposed in normal use to allow
> asking for all Roles. This should be exposed by adding a call to Subject to
> getRoles, to complement its existing hasRoles calls. This may require making
> some of the calls around authorizations, like getAuthorizationInfo in
> AuthorizingRealm, public.
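
Added example, not part of the original thread and not Shiro's own code: one way to read a subject's roles without calling the protected `getAuthorizationInfo` by reflection, so it does not depend on the security manager being disabled. `RoleSource`, `RoleExposingRealm` and `rolesOf` are hypothetical names; authentication is left abstract because it is deployment-specific.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/** Hypothetical role backend, e.g. directory groups or a JDBC mapping table. */
interface RoleSource {
    Set<String> rolesFor(String username);
}

/** Concrete subclasses still implement doGetAuthenticationInfo(). */
public abstract class RoleExposingRealm extends AuthorizingRealm {

    private final Collection<RoleSource> sources;

    protected RoleExposingRealm(Collection<RoleSource> sources) {
        this.sources = sources;
    }

    /** Merges the roles of every backend into one AuthorizationInfo. */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = String.valueOf(principals.getPrimaryPrincipal());
        Set<String> merged = new LinkedHashSet<>();
        for (RoleSource source : sources) {
            // A failing backend throws here, so the lookup fails closed.
            merged.addAll(source.rolesFor(username));
        }
        return new SimpleAuthorizationInfo(merged);
    }

    /**
     * Public accessor: a subclass may call the inherited protected method
     * directly, so the realm's authorization cache is still used.
     */
    public Set<String> rolesOf(PrincipalCollection principals) {
        AuthorizationInfo info = getAuthorizationInfo(principals);
        if (info == null || info.getRoles() == null) {
            return Collections.emptySet();
        }
        // Copy so callers cannot mutate the cached AuthorizationInfo.
        return Collections.unmodifiableSet(new LinkedHashSet<>(info.getRoles()));
    }
}
```

A caller would pass `SecurityUtils.getSubject().getPrincipals()` to `rolesOf` on the realm instance it configured.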