Hi Schloool,

Authenticating (enabling log-in) and authorizing (getting
roles/permissions) are two different things.
This means you implemented an AuthenticatingRealm, which will enable
your users to log in.
Now you need to implement an AuthorizingRealm, which queries the
source for their roles, groups, permissions etc.

Consider this default:
securityManager.authorizer = org.apache.shiro.authz.ModularRealmAuthorizer # [2]

If you look at the implementation [2], it is still querying all realms.

This is documented in the Authorizer documentation [1].

[1] https://shiro.apache.org/authorization.html#modularrealmauthorizer
[2] https://github.com/apache/shiro/blob/9e68eb488644f4a8ee72c4ec736d257a66e5cc5d/core/src/main/java/org/apache/shiro/authz/ModularRealmAuthorizer.java

On Mon, 26 Apr 2021 at 09:16, Schloool <kont...@max-schlosser.de> wrote:
>
> Thanks for your answer Benjamin!
> I was able to set up a custom Authenticator which selects a Realm depending
> on a given name.
> However, using this Authenticator results in issues whenever using
>
>   SecurityUtils.getSubject().checkRole("admin");
>
> as seemingly all loaded Realms try to check the role. However, only the
> fitting Realm should be used.
> Is there any easy way to achieve this result?
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
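
Added example, not part of the original thread and not Shiro's own code: one way to keep role and permission checks inside the realm that authenticated the subject is to subclass the ModularRealmAuthorizer discussed above and skip every realm that did not contribute principals at log-in. The class name, package and shiro.ini wiring are hypothetical, and it assumes each realm has a unique name and builds its AuthenticationInfo with that name.

```java
// Added example; package and class names are hypothetical.
// Assumed shiro.ini wiring:
//   authorizer = example.AuthenticatedRealmAuthorizer
//   securityManager.authorizer = $authorizer
package example;

import java.util.Set;
import java.util.function.Predicate;

import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;

public class AuthenticatedRealmAuthorizer extends ModularRealmAuthorizer {

    // Runs the check only against realms that can authorize AND that
    // supplied principals for this subject. Anything else is denied.
    private boolean anyOwningRealm(PrincipalCollection principals,
                                   Predicate<Authorizer> check) {
        assertRealmsConfigured();
        Set<String> owners = (principals == null) ? null : principals.getRealmNames();
        if (owners == null) {
            return false; // no authenticated identity: fail closed
        }
        for (Realm realm : getRealms()) {
            if (realm instanceof Authorizer
                    && owners.contains(realm.getName())
                    && check.test((Authorizer) realm)) {
                return true;
            }
        }
        return false; // no owning realm granted it
    }

    @Override
    public boolean hasRole(PrincipalCollection principals, String roleIdentifier) {
        return anyOwningRealm(principals, a -> a.hasRole(principals, roleIdentifier));
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, String permission) {
        return anyOwningRealm(principals, a -> a.isPermitted(principals, permission));
    }

    @Override
    public boolean isPermitted(PrincipalCollection principals, Permission permission) {
        return anyOwningRealm(principals, a -> a.isPermitted(principals, permission));
    }
}
```

In the linked implementation [2], checkRole and the other multi-value checks go through these three methods, so a same-named account in an unrelated realm can no longer grant "admin" to the subject.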
