Home/ Questions/Q 9064605
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T16:17:47+00:00

How do I configure a Shiro to use Active Directory Authentication, but in addition

  • 0

How do I configure a Shiro to use Active Directory Authentication, but in addition I want to map the usernames to custom roles. I can’t seem to find any information on this. Can anyone give me any pointers?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To do Active Directory Authentication use the JndiLdapRealm

    For the authorization override the method queryForAuthorizationInfo

    Be aware that you probably get group from your AD so you have to provide your own mapping (group to role).

    About this shiro reference manual say :

    A RolePermissionResolver can be used by a Realm internally when needing to translate a role name into a concrete set of Permission instances.

    This is a particularly useful feature for supporting legacy or inflexible data sources that may have no notion of permissions.

    For example, many LDAP directories store role names (or group names) but do not support association of role names to concrete permissions because they have no ‘permission’ concept. A Shiro-based application can use the role names stored in LDAP, but implement a RolePermissionResolver to convert the LDAP name into a set of explicit permissions to perform preferred explicit access control. The permission associations would be stored in
    another data store, probably a local database.

    Hope this will help

    • 0