> In Shiro, a principal is not a user. It is an identifying attribute of a user, like a username, a given name, a surname, a social security number, etc.
>
> A Shiro Subject is just a security-specific 'view' of a single application user. The subject can have many principals, and internally Shiro remembers from which realms all of the principals came. This makes it easy for Realm implementors to acquire only the principals their realm 'cares about' and ignore other principals that perhaps came from other Realm implementations that may be in use as well (e.g. multi-realm PAM scenarios).
I'm confused, I thought a realm in Shiro was simply a mechanism to retrieve security information from some datasource? What you suggest here seems to be saying that I should also consider a realm as a way to implement the 'virtual hosts' idea that comes along with OAuth (each consumer is effectively seen as though it were accessing a virtual host on the app server, and each has their own view of the users including login credentials, roles and permissions). With Shiro, is it ok to configure multiple Realms (thousands of them) with the same implementation, pointing to the same datasource?
Thanks Jason.
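To make the quoted point concrete, here is an added example (not from the thread or from the Shiro project) of a realm that is configured per name and looks only at the principals it produced itself, via `PrincipalCollection.fromRealm(getName())`. The class name `ConsumerRealm`, the realm-name constructor argument and the in-memory user store are assumptions constructed for the demo.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/** Hypothetical realm: several instances may share one backing store but differ by name. */
public class ConsumerRealm extends AuthorizingRealm {

    // Constructed in-memory stand-in for a datasource (plaintext only for this demo)
    private final Map<String, String> passwords = new HashMap<>();
    private final Map<String, String> roles = new HashMap<>();

    public ConsumerRealm(String realmName) {
        setName(realmName);               // distinct name per configured instance
        passwords.put("alice", "s3cret");
        roles.put("alice", "editor");
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        String stored = passwords.get(username);
        if (stored == null) {
            throw new UnknownAccountException("no account " + username + " in " + getName());
        }
        // Tag the principal with this realm's name; Shiro keeps that mapping in the Subject
        return new SimpleAuthenticationInfo(username, stored, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Only principals this realm produced; principals from other realms are ignored
        Collection<?> mine = principals.fromRealm(getName());
        if (mine.isEmpty()) {
            return null;                  // this realm has nothing to say about the Subject
        }
        String username = (String) mine.iterator().next();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if (roles.containsKey(username)) {
            info.addRole(roles.get(username));
        }
        return info;
    }
}
```

With two instances such as `new ConsumerRealm("consumerA")` and `new ConsumerRealm("consumerB")` registered on the SecurityManager, each sees only its own principals inside the shared Subject.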
