I'm developing a web application where, when a user logs in with a username and password, they may belong to more than one organization. If they do, they must select which organization they're logging in to, and for the rest of their session that will be the only organization they have access to. I'm tracking the "organization ID" in the HTTP session and this seems to work.
The problem I'm having is that a user may have a different role depending on the organization they're logging in for. So a user for company A might be a manager, but for company B be a sales person. In my case, I'm having trouble trying to convey this information to doGetAuthorizationInfo in my custom authorizing realm, since it takes only a PrincipalCollection as a parameter. I've thought about ways to add the selected organization ID to the principal collection in my doGetAuthenticationInfo, but the only way I can see this working is if a user enters their login credentials again.

I have no problem knowing who the user is upon authentication. I just don't know what their role(s) and corresponding permissions will be until they have selected an organization, and I don't know how to convey that information to my realm.

If anyone can give me some pointers it would be greatly appreciated. And if I haven't adequately described my situation I'll gladly provide more detail.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Different-Roles-based-on-Organization-tp7579375.html
Sent from the Shiro User mailing list archive at Nabble.com.
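One way to do what the post asks for, as an added example that is not part of the original message and is not code from the Shiro project: the realm resolves the selected organization from the current Subject's session inside doGetAuthorizationInfo, so the user authenticates once and roles are computed per (user, organization) after the organization is chosen. The class name OrgScopedRealm, the session key ORG_ID_SESSION_KEY, the selectOrganization helper and the in-memory role table are assumptions made for this example; a real realm would read users, credentials and memberships from its own store.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/** Hypothetical realm (example code): roles depend on the org selected after login. */
public class OrgScopedRealm extends AuthorizingRealm {

    /** Session attribute holding the organization the user picked (name is an assumption). */
    public static final String ORG_ID_SESSION_KEY = "selectedOrgId";

    // Constructed sample data for this example: username -> (orgId -> role).
    private static final Map<String, Map<String, String>> ROLE_BY_USER_AND_ORG = new HashMap<>();
    // Constructed sample credential; a real realm returns a stored hash and lets a
    // HashedCredentialsMatcher compare it, it never keeps plaintext.
    private static final Map<String, String> PASSWORD_BY_USER = new HashMap<>();
    static {
        Map<String, String> alice = new HashMap<>();
        alice.put("companyA", "manager");
        alice.put("companyB", "sales");
        ROLE_BY_USER_AND_ORG.put("alice", alice);
        PASSWORD_BY_USER.put("alice", "s3cret-example");
    }

    public OrgScopedRealm() {
        // AuthorizingRealm caches AuthorizationInfo keyed by the PrincipalCollection. The
        // principal does not change when the org is selected, so a cache hit would hand back
        // the roles of whatever org was current at first lookup. Disable the cache here
        // (or call clearCachedAuthorizationInfo(principals) whenever the org changes).
        setAuthorizationCachingEnabled(false);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upt = (UsernamePasswordToken) token;
        String username = upt.getUsername();
        String storedCredential = PASSWORD_BY_USER.get(username);
        if (storedCredential == null) {
            throw new AuthenticationException("unknown user");
        }
        // Identity only; the org is not part of the principal because it is not known yet.
        return new SimpleAuthenticationInfo(username, storedCredential, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        String orgId = selectedOrgId();
        if (orgId == null) {
            return info; // authenticated, but no org chosen yet: no roles, no permissions
        }
        String role = ROLE_BY_USER_AND_ORG
                .getOrDefault(username, Collections.<String, String>emptyMap())
                .get(orgId);
        if (role == null) {
            return info; // not a member of that org: deny rather than fall back to another org
        }
        info.addRole(role);
        // Permissions are scoped to the org so checks like "org:companyA:reports:view" cannot
        // succeed against data of an org the user did not select.
        info.addStringPermission("org:" + orgId + ":reports:view");
        return info;
    }

    /** Reads the org selected for the bound Subject; null if none was chosen. */
    private static String selectedOrgId() {
        Session session = SecurityUtils.getSubject().getSession(false);
        return session == null ? null : (String) session.getAttribute(ORG_ID_SESSION_KEY);
    }

    /**
     * Org-selection step after login (hypothetical helper). Membership is verified server-side
     * before the id is stored; the posted org id is untrusted input.
     */
    public static boolean selectOrganization(String orgId) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isAuthenticated()) {
            return false;
        }
        String username = (String) subject.getPrincipal();
        Map<String, String> memberships =
                ROLE_BY_USER_AND_ORG.getOrDefault(username, Collections.<String, String>emptyMap());
        if (!memberships.containsKey(orgId)) {
            return false;
        }
        subject.getSession().setAttribute(ORG_ID_SESSION_KEY, orgId);
        return true;
    }
}
```

Two points a practitioner would check before adopting this: the authorization cache must be disabled or invalidated when the selection changes, as the constructor comment says, otherwise a user who switches organizations within one session keeps the first organization's roles; and the organization id written to the session must be validated against the user's actual memberships on the server (as selectOrganization does), since the realm trusts whatever it finds in the session. An alternative that keeps the organization in the principal rather than the session is Subject.runAs(...) with a PrincipalCollection that carries both the user and the chosen organization after selection, which also lets the cache key differ per organization.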
