I wrote an application implementing exactly this requirement. A filter got the "organization ID" from a cookie and put it into a thread local variable. The doGetAuthorizationInfo method in my custom authorizing realm got the organization ID from the thread local variable. I used the Shiro ThreadContext class which provides convenience methods for storing and retrieving values in a thread local context.
On Thu, Nov 14, 2013 at 4:59 PM, d2013 <[email protected]> wrote:

> I'm developing a web application where when a user logs in with a username and
> password, they may belong to more than one organization. If they do, they
> must select which organization they're logging in to, and for the rest of
> their session that will be the only organization they have access to. I'm
> tracking the "organization ID" in the http session and this seems to work.
>
> The problem I'm having is a user may have a different role depending on the
> organization they're logging in for. So a user for company A might be a
> manager, but for company B be a sales person. So in my case, I'm having
> trouble trying to convey this information to the doGetAuthorizationInfo in
> my custom authorizing realm, since it takes only a PrincipalCollection as a
> parameter.
>
> I've thought about ways to add the selected organization ID to the principal
> collection in my doGetAuthenticationInfo, but the only way I can see this
> working is if a user enters their login credentials again.
>
> I have no problem knowing who the user is upon authentication. I just don't
> know what their role(s) and corresponding permissions will be until they
> have selected an organization, and I don't know how to convey that
> information to my realm.
>
> If anyone can give me some pointers it would be greatly appreciated. And if
> I haven't adequately described my situation I'll gladly provide more
> detail.
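A sketch of the filter-plus-ThreadContext approach from the reply, added here as an illustration and not taken from either poster's application. It assumes the selected organization ID is held server-side in the HTTP session under a hypothetical `orgId` attribute, that the filter runs inside Shiro's filter chain, and that `OrgContextFilter`, `OrgScopedRealm`, `ORG_KEY` and `rolesFor` are made-up names; the cache-key override keeps roles cached for one organization from being served for another.

```java
// Added example: class names, ORG_KEY, the "orgId" attribute and rolesFor() are hypothetical.
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ThreadContext;

class OrgContextFilter implements Filter {
    static final String ORG_KEY = OrgContextFilter.class.getName() + ".ORG_ID";
    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Read the selection from server-side state, not from client-supplied input.
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        Object orgId = (session == null) ? null : session.getAttribute("orgId");
        try {
            if (orgId != null) ThreadContext.put(ORG_KEY, orgId);
            chain.doFilter(req, res);
        } finally {
            // Pooled worker threads must not carry this request's org into the next one.
            ThreadContext.remove(ORG_KEY);
        }
    }
}

abstract class OrgScopedRealm extends AuthorizingRealm {
    /** Roles the user holds in orgId; must return an empty set for non-members. */
    protected abstract Set<String> rolesFor(Object user, String orgId);

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        Object orgId = ThreadContext.get(OrgContextFilter.ORG_KEY);
        if (orgId != null) { // no organization selected yet: grant nothing
            info.addRoles(rolesFor(principals.getPrimaryPrincipal(), orgId.toString()));
        }
        return info;
    }

    // The default cache key is the principals alone; include the org so entries do not mix.
    @Override
    protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
        return principals.getPrimaryPrincipal() + "|" + ThreadContext.get(OrgContextFilter.ORG_KEY);
    }
}
```

If the organization ID is read from a cookie instead, the membership check inside `rolesFor` is what stops a user from claiming an organization they do not belong to.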
