It's been a while since I've used AD, and it's possible you need to escape the white space, but my first suggestion would be to double-check the roles/groups that are returned for the user. You could either dump them out from your application or set a breakpoint in `org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm.getRoleNamesForGroups()`
I'm guessing you also _don't_ need the `[roles]` block (though that depends on how your realms are configured) Please keep us posted! On Wed, Dec 4, 2019 at 11:31 PM Manuel Sopena Ballesteros < [email protected]> wrote: > Dear Apache Shiro community, > > > > I am trying to setup Apache Shiro to restrict access to specific urls > based on Active Directory: > > > > activeDirectoryRealm.groupRolesMap = "CN=my group,OU=Groups,OU=my > folder,DC=ad,DC=mydomain,DC=com":"admin" > > > > [roles] > > role1 = * > > role2 = * > > role3 = * > > admin = * > > > > [urls] > > /api/version = anon > > /api/interpreter/** = authc, roles[admin] > > /** = authc > > > > Questions: > > For some reason this is not working and users members of “my group” cannot > access the /api/interpreter/** websites > > Also, do I need to escape white spaces? > > > > Thank you > NOTICE > Please consider the environment before printing this email. This message > and any attachments are intended for the addressee named and may contain > legally privileged/confidential/copyright information. If you are not the > intended recipient, you should not read, use, disclose, copy or distribute > this communication. If you have received this message in error please > notify us at once by return email and then delete both messages. We accept > no liability for the distribution of viruses or similar in electronic > communications. This notice should not be removed. >
