Hello everyone. I am trying to get my head around this very pretty Framework, that i really don't understand how i missed until now.
I have a couple of questions(Hence the mail) ------------------------------------------ Is it possible to predefine some mapped permissions to roles? Say that i have a number of permissions that i want to implicitly group together in a role, such as users:* groups:* -> administrator. Is it possible to create a permission-role mapping implicitly that will then be respected by other realms? In other words, if an LDAP realm has a user with a role named "administrator" can i tell Shiro that this administrator role should always contain users:* and groups:* in addition to what the Realm itself says? (This should be true for any and all used realms by the way, not just LDAP) ------------------------------------------- How do i do permission based security against an Active Directory realm? Say that i have an Active Directory service with a number of users and corresponding groups. How to i tell Shiro which groups allows which permission? I can see that the ActiveDirectoryRealm class maps groups against roles, but i can't see how i then tell it that role X should contain permissions y-z-x? ------------------------------------------- Thanks for the help:) -Martin
