Hello

Thanks for your clarification. Is there any example that can help me to start with?

Best Regards
Ali Shahbour

From: Kashyap Paidimarri <[email protected]>
Reply-To: <[email protected]>
Date: Friday, March 1, 2013 4:56 PM
To: <[email protected]>
Subject: Re: Shiro Permission with Active Directory

> The active directory realm does not use the role->permission mapping from the
> Ini file. You'll have to extend the active directory realm and override the
> 'buildAuthorizationInfo' method. In this method you'll have to write custom
> code to resolve roles to permissions.
>
> On Fri, Mar 1, 2013 at 8:19 PM, Ali Shahbour <[email protected]> wrote:
>> Hello
>>
>> I am trying to integrate Shiro with Active Directory
>>
>> Everything is working perfectly, except that I can't check the authenticated
>> user for permission; it is always saying no permission. Below is my
>> configuration with dynamic web
>>
>> [main]
>> # specify login page
>> authc.loginUrl = /login.zul
>>
>> activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm
>> activeDirectoryRealm.systemUsername = XXXXXXXX\administrator
>> activeDirectoryRealm.systemPassword = XXXXXXXXX
>> activeDirectoryRealm.searchBase = cn=Users,dc=XXXXXXXXXXX,dc=co
>> activeDirectoryRealm.url = ldap://XXX.XXX.155.167:389
>> activeDirectoryRealm.groupRolesMap = "CN=Monitor,OU=CDRMonitor,DC=XXXXXXXXXXXXX,DC=co":"cdrmonitor"
>>
>> #securityManager.realms = $activeDirectoryRealm
>>
>> builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
>> securityManager.cacheManager = $builtInCacheManager
>>
>> # redirect after successful login
>> authc.successUrl = /index.zul
>> roles.unauthorizedUrl = /unauthorized.zul
>>
>> [urls]
>> /login.zul = anon
>> /View/** = authc,roles[cdrmonitor]
>>
>> [roles]
>> cdrmonitor = search:*
>>
>> As for the code
>>
>> UsernamePasswordToken token = new UsernamePasswordToken("[email protected]", "XXXXXX");
>> try {
>>     Subject subject = SecurityUtils.getSubject();
>>     subject.login(token);
>>
>>     token.clear();
>>     subject.hasRole("cdrmonitor"); // this is completed as successful
>>     // it is always failing with no permission while it got the role cdrmonitor
>>     subject.checkPermission("search");
>> } catch (UnknownAccountException ex) {
>>     // username provided was not found
>>     ex.printStackTrace();
>> } catch (IncorrectCredentialsException ex) {
>>     // password provided did not match password found in database
>>     // for the username provided
>>     ex.printStackTrace();
>> } catch (AuthenticationException ex) {
>>     ex.printStackTrace();
>> } catch (Exception ex) {
>>     ex.printStackTrace();
>> }
>>
>> Any idea why that is?
>>
>> Best Regards
>> Shahbour
>
> --
> "The difference between ramen and varelse is not in the creature judged, but
> in the creature judging. When we declare an alien species to be ramen, it does
> not mean that they have passed a threshold of moral maturity. It means that we
> have. Demosthenes, Letter to the Framlings"
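
The override described in the reply above, as an added example that is not part of the original thread or of Shiro itself. The class name and the `rolePermissions` property are assumptions; `buildAuthorizationInfo(Set<String>)` and `SimpleAuthorizationInfo` are the Shiro 1.x API.

```java
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;

/** Hypothetical subclass: name and rolePermissions property are assumptions. */
public class PermissionMappingActiveDirectoryRealm extends ActiveDirectoryRealm {

    // Role name -> permission strings, e.g. "cdrmonitor" -> {"search:*"}.
    private final Map<String, Set<String>> rolePermissions = new ConcurrentHashMap<>();

    /** Replaces the whole mapping; call once while wiring the realm. */
    public void setRolePermissions(Map<String, Set<String>> mapping) {
        rolePermissions.clear();
        if (mapping != null) {
            rolePermissions.putAll(mapping);
        }
    }

    /**
     * ActiveDirectoryRealm calls this with the roles it resolved from the
     * user's AD groups through groupRolesMap. The stock implementation
     * returns the roles only, so permission checks never match.
     */
    @Override
    protected AuthorizationInfo buildAuthorizationInfo(Set<String> roleNames) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        if (roleNames == null) {
            return info;
        }
        for (String role : roleNames) {
            // Fail closed: a role with no entry contributes no permissions.
            Set<String> perms =
                    rolePermissions.getOrDefault(role, Collections.<String>emptySet());
            info.addStringPermissions(perms);
        }
        return info;
    }
}
```

Pointing `activeDirectoryRealm` in `[main]` at this class keeps the inherited `groupRolesMap` setting working. With the cache manager from the configuration above, a changed mapping only applies to a user once that user's cached authorization info has been cleared.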
