I'm working on a piece of back end software and I think Shiro is a good fit for it. We have a wide user base and we want to accommodate integrating into whatever their security systems architecture is. However, there are two issues which I haven't seemed to resolve in my playing with Shiro that I hope you can help me with.
The first one is an easy one: I need to be able to get a given user's roles. Not check if they have one, but just list what they have. Is this hidden somewhere in the SecurityManager API, or do I need to have specific hooks for the realms in order to get this functionality working? I know in the worst case, I can require all roles to be provided ahead of time and then iteratively check them, but that seems awful and clumsy for the person setting the system up.

The second is a bit trickier, though I may have it open in a tab (there's still a lot of material I need to read through, but I'm facing some deadlines). What is the best practice for simply being a negotiator for authenticating remote users and grabbing their roles/permissions? Right now I'm pretty sure I'm doing it wrong, as I'm keeping a userString->PrincipalCollection map, while rechecking if they're still authenticated (and doing login if they're not).

Thanks,
John
