Hi there, You can create a user and assign them a particular role or permission that implies they have the ability to create users.
Once you assign that role or permission to the user, and that user logs in, they will be able to create other users. You will need to use a realm implementation that uses your datasource to lookup user roles and/or permissions and returns them back to Shiro in the form of an AuthorizationInfo object. You can look at Shiro's existing AuthorizingRealm class and see its getAuthorizationInfo and doGetAuthorizationInfo JavaDoc. If you're using a relational database, you might want to see the JdbcRealm as that may be good enough for your needs. If not, creating a subclass of AuthorizingRealm is pretty easy. HTH, -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
