3 Replies Latest reply on Jun 23, 2014 12:57 PM by Randall Hauch

    can extend modeshape with shiro?

    tao zhu Newbie

      HI:

       

         I already have a set of permissions system using shiro development and get some infomation about modeshape's ' Authentication and authorization' from the document of ModeShape_3.7.

       

      I am not sure if I can also use my permissions system in ModeShape_3.7 through the extending ModeShape?

        • 2. Re: can extend modeshape with shiro?
          tao zhu Newbie

          HI :

           

              I have done a demo which implement my own custom Authentication.the class named 'MyAuthenticationProvider'implements the interface AuthenticationProvider and the class of 'MySecurityContext' implements both SecurityContext and AuthorizationProvider.But I don't understand how to use the shiro's Authentication and Authorization in modeshape.I want to store my users,roles and resources  in modeshape as its nodes and porperties.I am not sure that I should extend modeshape provider with shiro, or I should use my custom Authentication to control modeshape and use shiro to control my apllication.

          • 3. Re: can extend modeshape with shiro?
            Randall Hauch Master

            To determine whether ModeShape should create a session given a set of credentials using content in the repository will require some bootstrapping, since your AuthenticationProvider implementation will have to be able to access the content and thus be authenticated. I'm not exactly sure how best to do this. It may require an enhancement in 4.0.

             

            Authorization is much easier, since you can implement the AdvancedAuthorizationProvider interface, and this already provides a way for your provider to access the session content.