Rather than providing actual realm - provide a template? #1

snimavat opened this Issue Apr 23, 2012 · 5 comments



snimavat commented Apr 23, 2012

Applications may want to have some specific requirement for authentication - 'Locally Disabled accounts' for example.
With the OauthRealm the plugin provides, there doesn't seem to be any way to implement any such thing.

It may be better that the plugin provides just the template to create an Oauth realm, which applications or other plugins can modify as they wish.

I am working on updating nimble internally, I have made it work with grails 2.x, resources, and I would like to modify it to depend on shiro oauth rather than implementing its own facebook auth. However for that, I think it's essential to have flexibility to create one's own Realm.


pledbrook commented Apr 23, 2012

I really want this to be a drop-in realm. We could add some configuration options, but really the realm itself is pretty straightforward. In fact, "locally disabled accounts" should really be handled by a separate internal Shiro DB realm in my view. You can then integrate this with authentication and authorisation strategies, for example by using an "AllSuccessful" strategy rather than an "AtLeastOneSuccessful" one.


snimavat commented Apr 24, 2012

Yes, AllSuccessful authentication strategy should work for OAuthToken. But once configured, the authentication strategy applies to all tokens; I am not sure if it would be right to force 'AllSuccessful' for other tokens as well.


snimavat commented Jul 29, 2013

So Peter, how do we handle UserNamePasswordToken when we have Db realm and OauthRealm with AllSuccessful strategy so that we can support locally disabled facebook accounts? And we can have Ldap and OpenId realms too.

What's your suggestion for solving this issue when using the Oauth plugin?


pledbrook commented Jul 29, 2013

Sorry, I don't understand the question. What does a locally disabled Facebook account mean? Can the user log in via alternative mechanisms?

I'm pretty sure what you can do is configure the bean OAuthRealmInstance using your own custom implementation, if that's what you want to do. As long as your own doWithSpring is called after that of the shiro-oauth plugin, your implementation will replace the default one. Does that make sense?

I have to admit that I haven't tried this approach myself, but it should work.


snimavat commented Jul 29, 2013

Great, I looked at ShiroGrailsPlugin.groovy but missed that each realm is actually configured as a Spring bean, so yeah I can replace it and that solves the issue.


@pledbrook pledbrook closed this Aug 1, 2013
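
An added example, not code from the shiro-oauth plugin or from either participant: one way to get the "separate local realm" veto discussed above without forcing AllSuccessful on every token type. `LocalVetoStrategy` and `LocalAccountStatusRealm` are hypothetical names, the disabled set is a constructed stand-in for a database lookup, and the sketch assumes the token's principal is the identifier the application stores locally.

```java
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.Realm;

/** AtLeastOneSuccessful semantics, except that a disabled-account verdict from any realm is final. */
public class LocalVetoStrategy extends AtLeastOneSuccessfulStrategy {
    @Override
    public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token,
            AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t)
            throws AuthenticationException {
        if (t instanceof DisabledAccountException) {
            // Rethrowing aborts the multi-realm login, as AllSuccessful does for any failure.
            throw (DisabledAccountException) t;
        }
        // Other failures (wrong password, unknown account) are tolerated as usual.
        return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
    }
}

/** Hypothetical local realm: never authenticates anyone, only rejects locally disabled accounts. */
class LocalAccountStatusRealm extends AuthenticatingRealm {
    private final Set<String> disabled; // constructed stand-in for a lookup in the application's DB

    LocalAccountStatusRealm(Set<String> disabledAccountIds) {
        this.disabled = disabledAccountIds;
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        return token != null; // consulted for every token type: password, OAuth, LDAP, OpenID
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        Object principal = token.getPrincipal(); // assumption: matches the locally stored account id
        if (principal != null && disabled.contains(principal.toString())) {
            throw new DisabledAccountException("Account is disabled locally");
        }
        return null; // no opinion: another realm must still authenticate the token
    }
}
```

The strategy is installed with `ModularRealmAuthenticator.setAuthenticationStrategy(...)`, and the status realm is registered alongside the other realms. Because it returns `null` for accounts that are not disabled, a login still fails unless at least one other realm accepts the token.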
