How can you use "getRole" from SimpleAccountRealm? "getRole" is protected.

I see there is a RolePermissionResolver defined in the code...but no class
(other than the ModularRealmAuthenticator) makes use of it (even though
anything that extends AuthorizationRealm is "RolePermissionResolverAware",
like the ActiveDirectoryRealm). Is this not meant to be used going forward?

Some background to the problem I am trying to solve. I wanted to use the
ActiveDirectoryRealm to auth and get groups, then use the default IniRealm
to convert roles to permissions (I just wanted to set up something simple to
show I could do ActiveDirectory authentication and authorization). The
solution I found was more convoluted than I expected it to be. Did I miss
something here (see below)?

thanks,
Gareth

import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashSet;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.SimpleRole;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.realm.SimpleAccountRealm;

public class SimpleAccountRolePermissionResolver implements RolePermissionResolver {

        private volatile SimpleAccountRealm simpleAccountRealm;
        private volatile Method getRoleMethod;

        public SimpleAccountRolePermissionResolver() {
        }

        // I set simpleAccountRealm to $iniRealm in the ini file
        public void setSimpleAccountRealm(SimpleAccountRealm simpleAccountRealm) {
                this.simpleAccountRealm = simpleAccountRealm;
                try {
                        // awful hack to get around the protected permissions of getRole
                        getRoleMethod = SimpleAccountRealm.class.getDeclaredMethod("getRole", String.class);
                        getRoleMethod.setAccessible(true);
                } catch (Throwable t) {
                        // some action
                }
        }

        @Override
        public Collection<Permission> resolvePermissionsInRole(String roleString) {
                try {
                        SimpleRole role = (SimpleRole) getRoleMethod.invoke(simpleAccountRealm, roleString);
                        // getRole returns null for a role the realm does not define
                        if (role != null && role.getPermissions() != null) {
                                return role.getPermissions();
                        }
                } catch (Throwable t) {
                        // some action
                }
                // unknown role or failed lookup: grant no permissions
                return new HashSet<Permission>();
        }
}

-----------

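import java.util.Set;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;

public class MyActiveDirectoryRealm extends ActiveDirectoryRealm {

        // Why doesn't the standard ActiveDirectoryRealm take
        // advantage of the RolePermissionResolver like this?
        @Override
        protected AuthorizationInfo buildAuthorizationInfo(Set<String> roleNames) {
                RolePermissionResolver resolver = this.getRolePermissionResolver();
                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
                if (resolver != null) {
                        // expand each role name into the permissions the resolver maps it to
                        for (String role : roleNames) {
                                info.addObjectPermissions(resolver.resolvePermissionsInRole(role));
                        }
                }
                return info;
        }
}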




--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Multiple-Realms-tp4434653p6923070.html
Sent from the Shiro User mailing list archive at Nabble.com.
