Hi Sudheer, Shiro's scope as a project is limited to being a security framework that developers use inside the apps they are writing to help secure their apps. It is currently a JVM-only framework and binary incompatible with PHP.
People sometimes use PHP (or other languages) to communicate with a Shiro-enabled JVM-based web application, but they do this work themselves using whatever mechanisms they desire (e.g. REST API, etc). Once a request hits the JVM-based server though, Shiro is great at assisting the developers writing that backend app. There are so many different ways to do this based on the technologies you use or who you work for or what your app requires, that it just doesn't make sense for Shiro to tackle that problem too. For a multi-language authentication and user management REST API service that all of your apps can 'point to', I'd use Stormpath, but then again, I'm biased ;) (and to be fair, the two scopes are quite different: Shiro is a framework, Stormpath is a full blown product/service. Shiro goes *in* and helps you develop your JVM-based app, and Stormpath (for example) is something that any of your apps - regardless of programming language - can talk *to*. We of course have native integration for Shiro-enabled apps to talk to Stormpath for people that like to use both). HTH! -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Thu, Jan 3, 2013 at 1:07 AM, sudheer kumar komirishetty < [email protected]> wrote: > Hi, > > We have an application where the front end is coded in php, which talks to > backend webapp. > We wanted php code to call the backend service to login and authorize the > user, > as part of the authorization, we want to return all the roles and > permissions of the user as response to php, so that it can be cached and > used subsequently. Unfortunately, I couldn;t find any api that is exposed > by Shiro. Any specific reason has to why this functionality was not > provided ? or Am I missing something here ? > Is there a way we can achieve this using features provided by shiro ? or > Do we have to add custom implementation to fetch roles and permissions > after successful login ? > > > > Regards, > Sudheer.
