Thanks Les and Manoj!

I understand your point about not storing too much information in the
subject Les. In this case my realm implementation asks another system to
authenticate the user. In the response I can find out if the
authentication succeeded or not. If it succeeded then I will also get the
clear text name of the authenticated user. Currently there is no "user
service" - only this authentication service. Therefore, it would be nice if
I could retrieve the clear text name and store it for future use since
there is no easy way (right now anyway) to look it up from the principal id.

So for this case I will take a look at the PrincipalCollection to see if it
can be used for this.

Thank you both,

/Bengt

2011/11/8 Les Hazlewood <[email protected]>

> Yes, Manoj is correct - you can associate more information with the
> PrincipalCollection if you wish and query the PrincipalCollection
> during runtime - nothing wrong with that approach.  I personally like
> to keep only a single user ID in the PrincipalCollection and use that
> to look up any additional data as necessary.
>
> Either approach is fine, but if you find that you're storing a lot of
> information in the PrincipalCollection, it's better to reduce it to a
> single principal and look up additional data as necessary due to the
> serialization concerns I mentioned previously.
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: @lhazlewood | http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>
> On Tue, Nov 8, 2011 at 10:30 AM, Manoj Khangaonkar
> <[email protected]> wrote:
> > Hi Bengt,
> >
> > Subject can have more than 1 principal.
> >
> > subject.getPrincipals() returns a principalCollection.
> > SimpleAuthenticationInfo takes PrincipalCollection.
> >
> > You can associate additional user attributes with the subject using
> > principalcollection.
> >
> > Manoj
> >
> > On Tue, Nov 8, 2011 at 5:39 AM, Bengt Rodehav <[email protected]> wrote:
> >> I'm using Shiro 1.1 and I've implemented my own realm to be able to delegate
> >> authentication to a legacy application.
> >> I have extended "AuthorizingRealm" and my "doGetAuthenticationInfo" method
> >> returns a "SimpleAuthenticationInfo" containing the user and the password.
> >> To check who is logged in I call
> >>   Subject currentUser = SecurityUtils.getSubject();
> >> From the subject I can find out who is logged in by calling:
> >>   currentUser.getPrincipal().toString()
> >> This gives me the login name. I'm not sure if this is how I should do it but
> >> it seems to work fine. However, I also want to retrieve a clear text name
> >> for the currently logged in user. I get this information from our legacy
> >> application and I'd like to present it in our web application. How can I do
> >> this?
> >> I assume that what is returned from my "doGetAuthenticationInfo" method
> >> somehow is stored in the subject. I guess that I could then subclass
> >> "SimpleAuthenticationInfo" and add my extra information. But how can I
> >> retrieve it from the subject?
> >> Best regards,
> >> /Bengt
> >>
> >>
> >>
> >
> >
> >
> > --
> > http://khangaonkar.blogspot.com/
>
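
A sketch of the approach discussed in this thread, added as an example and not code posted by any participant: a realm that delegates login to a legacy service and keeps the login name plus one small typed principal for the clear text name. `LegacyAuthClient`, `DisplayName`, `LegacyRealm` and `displayNameOf` are hypothetical names. The principals travel with the serialized session, so the extra principal is kept small and Serializable, and the password is never placed in the PrincipalCollection.

```java
import java.io.Serializable;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class LegacyRealm extends AuthorizingRealm {
    /** Hypothetical stand-in for the legacy authentication service. */
    public interface LegacyAuthClient {
        String authenticate(String loginName, char[] password); // clear text name, or null if rejected
    }
    /** Typed principal so it can be found with oneByType(); must be Serializable. */
    public static final class DisplayName implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String value;
        public DisplayName(String value) { this.value = value; }
        @Override public String toString() { return value; }
    }

    private final LegacyAuthClient client;
    public LegacyRealm(LegacyAuthClient client) { this.client = client; }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String name = client.authenticate(upToken.getUsername(), upToken.getPassword());
        if (name == null) throw new IncorrectCredentialsException("Legacy system rejected the login");
        // The first principal added is the primary one, so getPrincipal() still returns the login name.
        SimplePrincipalCollection principals = new SimplePrincipalCollection();
        principals.add(upToken.getUsername(), getName());
        principals.add(new DisplayName(name), getName());
        // The legacy system already checked the password; echo the token's credentials for the default matcher.
        return new SimpleAuthenticationInfo(principals, upToken.getPassword());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return new SimpleAuthorizationInfo(); // no roles or permissions in this sketch
    }

    /** Lookup for the web layer; returns null when no DisplayName principal is present. */
    public static String displayNameOf(Subject subject) {
        PrincipalCollection pc = subject.getPrincipals();
        DisplayName dn = (pc == null) ? null : pc.oneByType(DisplayName.class);
        return dn == null ? null : dn.toString();
    }
}
```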
