I'm reading up on Apache Shiro and would like to see if I got this mental model right.
From the docs: "A Realm is a component that can access application-specific security data such as permissions" ... "Realms usually have a 1-to-1 correlation with a data source such as a relational database, LDAP directory, file system, or other similar resource."
Moreover, I've read that an application may include multiple realms for its authentication and authorization purposes.
Ok so great, but how do these Realms relate to the concept of a User?
- is every Realm expected to be a partition over the user-space? I.e.: a User may only ever occur in 1
- or, and this is what I'm expecting, Realms can be used to layer authentication & authorization on top of each other and may work on the same User. However in that case, where is the User managed? It should be somewhere external to a Realm I guess, but where?
Perhaps I'm confused by this because I'm thinking of User as a single entity (e.g.: of me there can be only one). And should instead be thinking of User as a UserAccount. I.e.: each Realm manages its own UserAccounts (in the docs called User), but a User may have multiple UserAccounts. Is that correct?
Assuming the above is correct:
- is there any logic that enables me to query for all UserAccounts of a given User? I.e.: basically merging all UserAccounts together to get a complete view of the
- does the concept of User in this case (1 User possibly having multiple UserAccounts) even exist in Shiro?