On Dec 16, 2011, at 8:03 AM, seme wrote: > Here is my scenario, user gets authenticated via cas and has authorization > info in attributes from CAS ldap. > I want to take those attributes and build permissions for authorization, I > am trying to extend AuthorizingRealm, but I can't find away to pass those > attributes. > Also, I am using shiro for authorization only, when does > doGetAuthorizationInfo gets called?
It is called the very first time that an authorization operation occurs (e.g. a permission or role check). If caching is enabled/configured, the AuthorizationInfo will be cached at that time to avoid further continuous 'hits' on the back-end data store. For Realms that lookup both authentication and authorization information, you could preemptively construct and cache an AuthorizationInfo object during authentication so there is only one perceived 'hit' during login. You would do this by calling the getAuthorizationInfo(PrincipalCollection principals) method from within your doGetAuthenticationInfo method. HTH! -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
