Christian,

If Authentication is already handled outside of Shiro, it seems like you could 
handle Authorization only by implementing your own Realm.  Here's a 
rough example of what I'm thinking... The authentication method is implemented 
to do very little other than appear to be successful, while you do your 
authorization work as planned.  Hopefully I'm not oversimplifying the problem 
here...

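import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// User and someMethodThatGetsUserFromToken() are placeholders for your own code
public class YourRealm extends AuthorizingRealm {

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken token) throws AuthenticationException {

        // Retrieve your user object by leveraging info from your token
        User user = someMethodThatGetsUserFromToken(token);

        // Make sure the credentials matcher is always successful since you handle this elsewhere
        setCredentialsMatcher(new CredentialsMatcher() {

            @Override
            public boolean doCredentialsMatch(AuthenticationToken token,
                    AuthenticationInfo info) {

                return true;
            }

        });

        return new SimpleAuthenticationInfo(user, token, "YourRealm");
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // YOUR AUTHORIZATION IMPLEMENTATION GOES HERE!
        // Placeholder so the class compiles: grants no roles or permissions
        return new SimpleAuthorizationInfo();
    }
}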

From: [email protected] [mailto:[email protected]] On Behalf Of 
Christian Schneider
Sent: Tuesday, July 09, 2013 11:57 PM
To: [email protected]
Subject: How to just do authorization with Shiro

Hi All,
I am trying to integrate Shiro into an Apache CXF project. The Authentication 
is already done by CXF. I am using a SAML token to authenticate at the service. 
Inside the token there already is the subject name and the role names. CXF 
establishes a CXF-specific LoginSecurityContext that contains these details.
Now I want to use a CXF interceptor to read this LoginSecurityContext and 
establish an authenticated Shiro subject that also contains subject name and 
roles.
I intend to use the Shiro Context then to do normal Shiro authorization using 
annotations.
Currently I only know how to log into Shiro using a UserPasswordToken. So I 
give Shiro my identity and my credentials and Shiro does the authentication and 
fetches the roles. How can I change this to work with an already authenticated 
subject and given roles?
Christian
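
An added example, not code from either poster or from the Shiro project: a variant of the realm idea in the reply that restricts the realm to one dedicated token type, so an always-successful credentials matcher cannot approve ordinary login tokens, and that carries the roles from the already validated identity into Shiro's authorization step. The names PreAuthenticatedRealm, PreAuthPrincipal and PreAuthToken are hypothetical.

```java
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm (not from the thread): trusts an identity validated upstream.
public class PreAuthenticatedRealm extends AuthorizingRealm {
    // Hypothetical principal carrying the subject name and roles from the SAML token.
    public static final class PreAuthPrincipal implements Serializable {
        private final String name;
        private final HashSet<String> roles;
        public PreAuthPrincipal(String name, Set<String> roles) {
            this.name = name;
            this.roles = new HashSet<String>(roles);   // defensive copy
        }
        @Override public String toString() { return name; }
    }
    // Hypothetical token: construct it only in trusted code (the CXF interceptor),
    // never from request parameters, because no credentials are checked below.
    public static final class PreAuthToken implements AuthenticationToken {
        private final PreAuthPrincipal principal;
        public PreAuthToken(PreAuthPrincipal principal) { this.principal = principal; }
        @Override public Object getPrincipal() { return principal; }
        @Override public Object getCredentials() { return ""; }  // nothing to verify
    }

    public PreAuthenticatedRealm() {
        // Accept only PreAuthToken, so the allow-all matcher can never approve a
        // UsernamePasswordToken or any other token type submitted to login().
        setAuthenticationTokenClass(PreAuthToken.class);
        setCredentialsMatcher(new AllowAllCredentialsMatcher());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Roles come from the pre-authenticated principal; unknown principals get none.
        PreAuthPrincipal p = principals.oneByType(PreAuthPrincipal.class);
        return new SimpleAuthorizationInfo(p == null ? new HashSet<String>() : new HashSet<String>(p.roles));
    }
}
```

In the interceptor, once CXF has validated the token, SecurityUtils.getSubject().login(new PreAuthToken(...)) establishes the subject, and annotation checks such as @RequiresRoles then resolve against the roles returned by doGetAuthorizationInfo.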
