The active directory realm does not use the role->permission mapping from
the Ini file. You'll have to extend the active directory realm and override
the 'buildAuthorizationInfo' method. In this method you'll have to write
custom code to resolve roles to permissions.


On Fri, Mar 1, 2013 at 8:19 PM, Ali Shahbour <[email protected]> wrote:

> Hello
>
> I am trying to integrate Shiro with Active Directory
>
> Everything is working perfectly, except that I can't check the authenticated
> user for permission; it is always saying no permission. Below is my
> configuration with dynamic web
>
> [main]
>
> # specify login page
>
> authc.loginUrl = /login.zul
>
> activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
>
> activeDirectoryRealm.systemUsername = XXXXXXXX\administrator
>
> activeDirectoryRealm.systemPassword = XXXXXXXXX
>
> activeDirectoryRealm.searchBase = cn=Users,dc=XXXXXXXXXXX,dc=co
>
> activeDirectoryRealm.url = ldap://XXX.XXX.155.167:389
>
> activeDirectoryRealm.groupRolesMap = "CN=Monitor,OU=CDRMonitor,DC=XXXXXXXXXXXXX,DC=co":"cdrmonitor"
>
>
> #securityManager.realms = $activeDirectoryRealm
>
>
> builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>
> securityManager.cacheManager = $builtInCacheManager
>
>
>
> # redirect after successful login
>
> authc.successUrl  = /index.zul
>
> roles.unauthorizedUrl = /unauthorized.zul
>
>
> [urls]
>
> /login.zul = anon
>
> /View/** = authc,roles[cdrmonitor]
>
>
> [roles]
>
> cdrmonitor = search:*
>
>
>
> As for the code
>
>
> UsernamePasswordToken token = new UsernamePasswordToken("[email protected]", "XXXXXX");
>
>  try {
>
>
> Subject subject = SecurityUtils.getSubject();
>
>  subject.login(token);
>
>
> token.clear();
>
>  subject.hasRole("cdrmonitor");   // this is completed as successful
>
>  subject.checkPermission("search");   // it is always failing with no permission while it got the role cdrmonitor
>
>
>
> } catch (UnknownAccountException ex) {
>
> //username provided was not found
>
>  ex.printStackTrace();
>
>  } catch (IncorrectCredentialsException ex) {
>
> //password provided did not match password found in database
>
>  //for the username provided
>
> ex.printStackTrace();
>
> } catch (AuthenticationException ex) {
>
> ex.printStackTrace();
>
> }
>
> catch (Exception ex) {
>
>  ex.printStackTrace();
>
>  }
>
>
>
> Any idea why that is?
>
>
>
> Best Regards
>
> Shahbour
>
>


-- 
“ The difference between ramen and varelse is not in the creature judged,
but in the creature judging. When we declare an alien species to be ramen,
it does not mean that *they* have passed a threshold of moral maturity. It
means that *we* have.

    —Demosthenes, *Letter to the Framlings*
”
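
The override suggested in the reply at the top of this thread, as an added example that is not part of the original messages or of Shiro itself. The class name, the rolePermissionsMap property and the ";" separator are assumptions made for illustration; how the map gets populated (INI, Spring, code) is left to the application.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;

// Hypothetical subclass: resolves the roles derived from AD groups
// (via groupRolesMap) to Shiro permission strings.
public class PermissionMappingActiveDirectoryRealm extends ActiveDirectoryRealm {

    // Assumed property: role name -> permissions separated by ';'
    // (';' is used because ',' is already meaningful inside a wildcard
    // permission such as "search:read,write").
    private Map<String, String> rolePermissionsMap = Collections.emptyMap();

    public void setRolePermissionsMap(Map<String, String> rolePermissionsMap) {
        // Defensive copy so later changes to the caller's map cannot
        // silently widen what a role grants.
        this.rolePermissionsMap = new HashMap<>(rolePermissionsMap);
    }

    @Override
    protected AuthorizationInfo buildAuthorizationInfo(Set<String> roleNames) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        if (roleNames == null) {
            return info;
        }
        for (String role : roleNames) {
            String permissions = rolePermissionsMap.get(role);
            if (permissions == null) {
                continue; // unmapped role grants no permissions (deny by default)
            }
            for (String permission : permissions.split(";")) {
                String trimmed = permission.trim();
                if (!trimmed.isEmpty()) {
                    info.addStringPermission(trimmed); // e.g. "search:*"
                }
            }
        }
        return info;
    }
}
```

With "cdrmonitor" mapped to "search:*" in this realm, the role check in the quoted code behaves as before and the permission check is evaluated against the permissions attached here rather than against the [roles] section.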
