[SHIRO-311] allow the use of shiro as Autorization only framework - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.1.0
Fix Version/s: None
Component/s: Authentication (log-in), Authorization (access control) , Configuration, Integration: JEE
Labels:
None
Environment:
java 6 , active directory

Description

currently shiro uses login as the only entry point to the application which uses authentication and authorization procedures, defined in the chosen subclasses realm.
however in many organization's intranet , a domain authentication is already employed making the authentication process in shiro redundant.

in order to keep consistency with the framework, a new type of Token should be created called AuthenticatedToken. the difference is shiro would be able to create such a token in it's filter by inspecting getRemoteUer of the HTTP request, which according to the spec is !=null only when the user is authenticated.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Elhanan Maayan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Jul/11 20:07

Updated:: 08/Jul/11 05:59