Yes, Manoj is correct - you can associate more information with the PrincipalCollection if you wish and query the PrincipalCollection during runtime - nothing wrong with that approach. I personally like to keep only a single user ID in the PrincipalCollection and use that to look up any additional data as necessary.
Either approach is fine, but if you find that you're storing a lot of information in the PrincipalCollection, it's better to reduce it to a single principal and look up additional data as necessary due to the serialization concerns I mentioned previously.

HTH,

--
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: @lhazlewood | http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

On Tue, Nov 8, 2011 at 10:30 AM, Manoj Khangaonkar <[email protected]> wrote:
> Hi Bengt,
>
> Subject can have more than 1 principal.
>
> subject.getPrincipals() returns a principalCollection.
> SimpleAuthenticationInfo takes PrincipalCollection.
>
> You can associate additional user attributes with the subject using
> principalcollection.
>
> Manoj
>
> On Tue, Nov 8, 2011 at 5:39 AM, Bengt Rodehav <[email protected]> wrote:
>> I'm using Shiro 1.1 and I've implemented my own realm to be able to delegate
>> authentication to a legacy application.
>> I have extended "AuthorizingRealm" and my "doGetAuthenticationInfo" method
>> returns a "SimpleAuthenticationInfo" containing the user and the password.
>> To check who is logged in I call
>> Subject currentUser = SecurityUtils.getSubject();
>> From the subject I can find out who is logged in by calling:
>> currentUser.getPrincipal().toString()
>> This gives me the login name. I'm not sure if this is how I should do it but
>> it seems to work fine. However, I also want to retrieve a clear text name
>> for the currently logged in user. I get this information from our legacy
>> application and I'd like to present it in our web application. How can I do
>> this?
>> I assume that what is returned from my "doGetAuthenticationInfo" method
>> somehow is stored in the subject. I guess that I could then subclass
>> "SimpleAuthenticationInfo" and add my extra information. But how can I
>> retrieve it from the subject?
>> Best regards,
>> /Bengt
>>
>
> --
> http://khangaonkar.blogspot.com/
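
Both approaches from the thread in one realm, as an added example that is not part of the original messages or of Shiro itself. `LegacyUsers`, `DisplayName` and `LegacyRealm` are hypothetical names, and the legacy application is assumed to expose the stored password and the clear-text name by login.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;

/** Hypothetical facade over the legacy application (not a Shiro type). */
interface LegacyUsers {
    String passwordFor(String login);      // null when the login is unknown
    String displayNameFor(String login);
}
/** Hypothetical extra principal, kept Serializable like the rest of the collection. */
final class DisplayName implements java.io.Serializable {
    final String value;
    DisplayName(String value) { this.value = value; }
}

public class LegacyRealm extends AuthorizingRealm {
    private final LegacyUsers users;
    private final boolean storeDisplayName;  // true = the multi-principal approach
    public LegacyRealm(LegacyUsers users, boolean storeDisplayName) {
        this.users = users;
        this.storeDisplayName = storeDisplayName;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String login = ((UsernamePasswordToken) token).getUsername();
        String password = users.passwordFor(login);
        if (password == null) return null;   // unknown account
        // The login name is added first, so it stays the primary principal.
        SimplePrincipalCollection principals = new SimplePrincipalCollection(login, getName());
        if (storeDisplayName) principals.add(new DisplayName(users.displayNameFor(login)), getName());
        return new SimpleAuthenticationInfo(principals, password);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo(); // roles and permissions are out of scope here
    }

    /** Returns the clear-text name for the current subject, or null if nobody is logged in. */
    public String currentDisplayName() {
        PrincipalCollection pc = SecurityUtils.getSubject().getPrincipals();
        if (pc == null) return null;
        DisplayName stored = pc.oneByType(DisplayName.class);  // multi-principal approach
        if (stored != null) return stored.value;
        return users.displayNameFor(pc.getPrimaryPrincipal().toString()); // single-ID approach
    }
}
```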
