For an authorizing-only realm, you can simply return null in doGetAuthenticationInfo() to indicate the realm shouldn't participate in the authentication process.
Kalle

On Wed, Jul 10, 2013 at 8:49 AM, Michael Chandler <[email protected]> wrote:

> Christian,
>
> If Authentication is already handled outside of Shiro, it seems like you
> could be able to handle Authorization only by implementing your own Realm.
> Here’s a rough example of what I’m thinking… The authentication method is
> implemented to do very little other than appear to be successful, while you
> do your authorization work as planned. Hopefully I’m not oversimplifying
> the problem here…
>
> public class YourRealm extends AuthorizingRealm {
>
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(
>             AuthenticationToken token) throws AuthenticationException {
>
>         // Retrieve your user object by leveraging info from your token
>         User user = someMethodThatGetsUserFromToken(token);
>
>         // Make sure the credentials matcher is always successful since
>         // you handle this elsewhere
>         setCredentialsMatcher(new CredentialsMatcher() {
>
>             @Override
>             public boolean doCredentialsMatch(AuthenticationToken token,
>                     AuthenticationInfo info) {
>                 return true;
>             }
>         });
>
>         return new SimpleAuthenticationInfo(user, token, "YourRealm");
>     }
>
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>         // YOUR AUTHORIZATION IMPLEMENTATION GOES HERE!
>     }
> }
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Christian Schneider
> *Sent:* Tuesday, July 09, 2013 11:57 PM
> *To:* [email protected]
> *Subject:* How to just do authorization with Shiro
>
> Hi All,
>
> I am trying to integrate Shiro into an Apache CXF project. The
> Authentication is already done by CXF. I am using a SAML token to
> authenticate at the service. Inside the token there already is the subject
> name and the role names. CXF establishes a CXF-specific
> LoginSecurityContext that contains these details.
>
> Now I want to use a CXF interceptor to read this LoginSecurityContext and
> establish an authenticated Shiro subject that also contains subject name
> and roles.
>
> I intend to use the Shiro Context then to do normal Shiro authorization
> using annotations.
>
> Currently I only know how to log into Shiro using a UserPasswordToken. So
> I give Shiro my identity and my credentials and Shiro does the
> authentication and fetches the roles. How can I change this to work with an
> already authenticated subject and given roles?
>
> Christian
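Added example, not part of the thread and not Shiro project code: one way to combine the suggestion at the top of the thread (return null from doGetAuthenticationInfo()) with a subject built from an identity that was authenticated upstream, using Shiro's Subject.Builder instead of a credentials matcher that always succeeds. PreAuthDemo, PreAuthPrincipal, AuthzOnlyRealm and the sample identity are hypothetical names constructed for illustration; it assumes shiro-core on the classpath.

```java
import java.util.*;
import java.util.concurrent.Callable;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;

public class PreAuthDemo {
    // Hypothetical principal: name and roles as asserted by the upstream authenticator.
    static final class PreAuthPrincipal implements java.io.Serializable {
        final String name;
        final Set<String> roles;
        PreAuthPrincipal(String name, Set<String> roles) {
            this.name = name;
            this.roles = Collections.unmodifiableSet(new HashSet<>(roles));
        }
    }

    static final class AuthzOnlyRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // realm never authenticates, so login() through it always fails
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            PreAuthPrincipal p = principals.oneByType(PreAuthPrincipal.class);
            return p == null ? null : new SimpleAuthorizationInfo(p.roles);
        }
    }

    public static void main(String[] args) throws Exception {
        AuthzOnlyRealm realm = new AuthzOnlyRealm();
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        // Constructed sample identity; in the thread's setup it would be read from
        // the already validated security context, never from request parameters.
        PreAuthPrincipal who = new PreAuthPrincipal("alice", new HashSet<>(Arrays.asList("clerk")));
        Subject subject = new Subject.Builder(sm)
                .principals(new SimplePrincipalCollection(who, realm.getName()))
                .authenticated(true)
                .buildSubject();
        // Code run inside execute() sees this subject via SecurityUtils.getSubject().
        subject.execute((Callable<Void>) () -> {
            System.out.println("clerk: " + subject.hasRole("clerk"));
            System.out.println("admin: " + subject.hasRole("admin"));
            return null;
        });
        try { // A password login against the same realm is rejected, whatever the password.
            new Subject.Builder(sm).buildSubject().login(new UsernamePasswordToken("alice", "x"));
        } catch (AuthenticationException e) {
            System.out.println("login rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

With default settings, building a subject that has principals stores them in a new in-memory Shiro session; a stateless service would normally turn off subject session storage on the security manager.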
