Hello Phil, Thank you for responding!
That is true. If I could get the Realm then I could get access to the AuthorizationInfo (which would give me access to the Permissions and Roles). How can the webapp get the realm though? In a web app, from SecurityUtils I have access to a SecurityManager or a Subject, neither of which give me access to the Realm. If I take a look at Spring Security (I am trying hard to avoid using Spring Security as it forces you to bring in the whole Spring framework -> in an OSGi environment there are even more dependencies), in a webapp environment, I can cast the User Principal from the HttpServletRequest to interface Authentication, then I can go call "getAuthorities" which will allow me to get the list of GrantedAuthorities (which can be a list of roles or permissions). Perhaps if subject is authenticated, Subject could have a method to return a list of the authorizing realms? Would that make sense? thanks, Gareth -- View this message in context: http://shiro-user.582556.n2.nabble.com/Retrieving-The-List-Of-Permissions-Or-Roles-For-A-User-tp6634613p6636404.html Sent from the Shiro User mailing list archive at Nabble.com.
