Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
It seems to be a valid use case to have an external user management system (ldap, active directory, etc) manage users and the roles that they are in. However, since permissions are often application-dependent, it is not uncommon to map roles to permissions at the application level. The shiro.ini file seems a perfect place to do this, but it is non-trivial to allow a different realm (again, ldap or active directory) to use the role->permission mappings place in the ini file. If the SimpleAccountRealm implemented RolePermissionResolver, then it could be done as simply as:
myRealm = com.example.MyCustomRealm
myRealm.rolePermissionResolver = $iniRealm