Hello, I am trying to integrate Shiro with Active Directory.

Everything is working perfectly, except that I can't check the authenticated user for permission; it always says no permission. Below is my configuration with dynamic web:

    [main]
    # specify login page
    authc.loginUrl = /login.zul

    activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
    activeDirectoryRealm.systemUsername = XXXXXXXX\administrator
    activeDirectoryRealm.systemPassword = XXXXXXXXX
    activeDirectoryRealm.searchBase = cn=Users,dc=XXXXXXXXXXX,dc=co
    activeDirectoryRealm.url = ldap://XXX.XXX.155.167:389
    activeDirectoryRealm.groupRolesMap = "CN=Monitor,OU=CDRMonitor,DC=XXXXXXXXXXXXX,DC=co":"cdrmonitor"
    #securityManager.realms = $activeDirectoryRealm

    builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
    securityManager.cacheManager = $builtInCacheManager

    # redirect after successful login
    authc.successUrl = /index.zul
    roles.unauthorizedUrl = /unauthorized.zul

    [urls]
    /login.zul = anon
    /View/** = authc,roles[cdrmonitor]

    [roles]
    cdrmonitor = search:*

As for the code:

    UsernamePasswordToken token = new UsernamePasswordToken("[email protected]", "XXXXXX");
    try {
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);
        token.clear();
        subject.hasRole("cdrmonitor");      // this is completed as successful
        subject.checkPermission("search");  // it is always failing with no permission while it got the role cdrmonitor
    } catch (UnknownAccountException ex) {
        // username provided was not found
        ex.printStackTrace();
    } catch (IncorrectCredentialsException ex) {
        // password provided did not match password found in database
        // for the username provided
        ex.printStackTrace();
    } catch (AuthenticationException ex) {
        ex.printStackTrace();
    } catch (Exception ex) {
        ex.printStackTrace();
    }

Any idea why that is?

Best Regards
Shahbour
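
Added example, not part of the original post and not Shiro's own code: the [roles] section of shiro.ini populates Shiro's implicit IniRealm, while ActiveDirectoryRealm only maps AD groups to role names, so a role obtained from AD carries no permissions unless the realm is given a RolePermissionResolver. The class name StaticRolePermissionResolver and the package com.example are assumptions; the role and permission strings are the ones from the configuration above.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.permission.RolePermissionResolver;
import org.apache.shiro.authz.permission.WildcardPermission;

// Hypothetical class (not part of Shiro): maps role names to wildcard permissions.
// Wiring in the [main] section of shiro.ini (package name is an assumption):
//   rolePerms = com.example.StaticRolePermissionResolver
//   activeDirectoryRealm.rolePermissionResolver = $rolePerms
public class StaticRolePermissionResolver implements RolePermissionResolver {

    private final Map<String, List<String>> rolePermissions = new HashMap<>();

    public StaticRolePermissionResolver() {
        // Same mapping the post places under [roles]
        rolePermissions.put("cdrmonitor", Collections.singletonList("search:*"));
    }

    @Override
    public Collection<Permission> resolvePermissionsInRole(String roleString) {
        List<Permission> resolved = new ArrayList<>();
        // Unknown roles resolve to no permissions (deny by default)
        for (String p : rolePermissions.getOrDefault(roleString, Collections.emptyList())) {
            resolved.add(new WildcardPermission(p));
        }
        return resolved;
    }

    // Stand-alone check that needs only shiro-core on the classpath, no AD server
    public static void main(String[] args) {
        RolePermissionResolver resolver = new StaticRolePermissionResolver();
        Permission requested = new WildcardPermission("search");
        for (String role : new String[] {"cdrmonitor", "someOtherRole"}) {
            boolean granted = false;
            for (Permission p : resolver.resolvePermissionsInRole(role)) {
                granted |= p.implies(requested);
            }
            System.out.println(role + " -> search permitted: " + granted);
        }
    }
}
```

With the resolver set on the realm, the [roles] section is no longer needed for AD users, and roles that are not listed in the map still resolve to no permissions.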
