{"id":188,"date":"2015-04-21T08:30:50","date_gmt":"2015-04-21T08:30:50","guid":{"rendered":"http:\/\/blog.stratio.com\/?p=188"},"modified":"2023-09-20T13:47:18","modified_gmt":"2023-09-20T13:47:18","slug":"supporting-service-based-multi-realm-authentication-and-authorization","status":"publish","type":"post","link":"https:\/\/www.stratio.com\/blog\/supporting-service-based-multi-realm-authentication-and-authorization\/","title":{"rendered":"Supporting service-based multi realm authentication and authorization"},"content":{"rendered":"<p style=\"text-align: justify;\">Security is often a forgotten concern in Big Data environments. However, as these technologies are being embraced by companies with sensitive data (think, for example, about banks or insurance companies),\u00a0<strong>security is a growing requirement<\/strong>. At\u00a0<a title=\"Stratio\" href=\"http:\/\/blog.stratio.com\" target=\"_blank\" rel=\"noopener noreferrer\">Stratio<\/a>, we are aware of our clients&#8217; needs, so we are studying the development of\u00a0an integrated security solution for our platform.<\/p>\n<p style=\"text-align: justify;\">We have chosen\u00a0<a title=\"Apache Shiro\" href=\"http:\/\/shiro.apache.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Apache Shiro<\/a>\u00a0as the main component of our future security solution, because it is a well-known and tested platform that (almost) fits our needs. Of course, we have extended it to support specific requirements of our platform. First of all, we aim to provide our security API in a distributed and scalable way, so we have implemented an\u00a0<strong>actor system<\/strong>\u00a0based on\u00a0<a title=\"Akka\" href=\"http:\/\/akka.io\/\" target=\"_blank\" rel=\"noopener noreferrer\">Akka<\/a>\u00a0for managing the underlying Apache Shiro library. 
Also, because we expect to provide users with fine-grained permissions, and given the number of elements expected (i.e., a huge number of users with different permissions on a huge number of tables), we have implemented a\u00a0<strong>distributed cache<\/strong>\u00a0for improving the performance of the system. Those points will be treated in future posts.<\/p>\n<h3>Authentication and authorization<\/h3>\n<p style=\"text-align: justify;\">Shiro supports\u00a0<strong>out-of-the-box multiple realm authentication and authorization<\/strong>. But we need to have the ability to provide that for each of our platform\u2019s modules. We have implemented our own\u00a0<strong>custom Shiro Realm<\/strong>\u00a0supporting authentication and authorization, and aggregating an arbitrary number of realms (<strong>LDAP<\/strong>,\u00a0<strong>JDBC<\/strong>,\u00a0<strong>file-based realms<\/strong>, or\u00a0<strong>custom realms<\/strong>), performing an authentication strategy over all of them and authorizing the platform\u2019s users. A remarkable point is that, with our current custom realm implementation, the aggregating realms can share specific authentication and authorization systems. 
For example, the\u00a0<em>service1<\/em>\u00a0and\u00a0<em>service2<\/em>\u00a0realms can reuse the same LDAP for performing authentication and the same JDBC repository for permission checking.<\/p>\n<p><a href=\"http:\/\/blog.stratio.com\/wp-content\/uploads\/2015\/04\/authentication.jpg\"><img decoding=\"async\" src=\"http:\/\/blog.stratio.com\/wp-content\/uploads\/2015\/04\/authentication.jpg\" alt=\"authentication\" \/><\/a><\/p>\n<h3 style=\"text-align: justify;\">Creating the custom StratioRealm<\/h3>\n<p style=\"text-align: justify;\">Since we want to support both authentication and authorization, our realm must extend the Shiro class\u00a0<a title=\"AuthorizingRealm\" href=\"https:\/\/shiro.apache.org\/static\/1.2.2\/apidocs\/org\/apache\/shiro\/realm\/AuthorizingRealm.html\" target=\"_blank\" rel=\"noopener noreferrer\">AuthorizingRealm<\/a>\u00a0(which in turn extends\u00a0<a title=\"AuthenticatingRealm\" href=\"http:\/\/shiro.apache.org\/static\/latest\/apidocs\/org\/apache\/shiro\/realm\/AuthenticatingRealm.html\" target=\"_blank\" rel=\"noopener noreferrer\">AuthenticatingRealm<\/a>), and override the\u00a0<strong>doGetAuthenticationInfo<\/strong>\u00a0and\u00a0<strong>doGetAuthorizationInfo<\/strong>\u00a0methods, where we will perform our authentication and authorization operations. 
Our\u00a0<strong>StratioRealm<\/strong>\u00a0also includes a service name attribute and two lists of authenticating and authorizing realms.<br \/>\nThis way, we achieve our original goal of supporting multiple realm security operations for each of our platform modules.<\/p>\n<pre class=\"lang:java theme:twilight\" title=\"something\">\/\/ Name of the platform service (module) this realm protects\nprivate String service;\n\/\/ Realms consulted for authentication and for authorization, respectively\nprivate List&lt;AuthenticatingRealm&gt; authenticatingRealms;\nprivate List&lt;Realm&gt; authorizingRealms;\n<\/pre>\n<p style=\"text-align: justify;\">Within the overridden methods, we perform authentication and authorization against each one of the configured realms and return a merged result (principals, in the case of authentication; roles and their associated permissions in the case of authorization). We found one\u00a0<strong>caveat<\/strong>\u00a0here: the\u00a0<strong>method performing authorization for specific authorization realms is protected<\/strong>, so we can\u2019t call it directly inside our code. Our workaround is<strong>\u00a0implementing a wrapper for AuthorizingRealm with the same package name<\/strong>, and exposing the desired methods as public there.<\/p>\n<pre class=\"lang:java theme:twilight\">@Override\nprotected StratioAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {\n\tStratioAuthenticationInfo authInfo = null;\n\ttry {\n\t\t\/\/ Every configured realm must authenticate the token; the results are merged\n\t\tfor (AuthenticatingRealm realm: authenticatingRealms) {\n\t\t\tAuthenticationInfo auth = realm.getAuthenticationInfo(authenticationToken);\n\t\t\tif (MergableAuthenticationInfo.class.isInstance(auth)) {\n\t\t\t\tif (authInfo == null) {\n\t\t\t\t\tauthInfo = new StratioAuthenticationInfo(auth);\n\t\t\t\t} else {\n\t\t\t\t\tauthInfo.merge(auth);\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tthrow new AccountException(\"Impossible to merge AuthenticationInfo\");\n\t\t\t}\n\t\t}\n\t\t\/\/ No authenticating realm configured: fail instead of dereferencing null\n\t\tif (authInfo == null) {\n\t\t\tthrow new AccountException(\"No authenticating realm configured\");\n\t\t}\n\t\tauthInfo.setMainRealm(this);\n\t\treturn authInfo;\n\t} catch (AuthenticationException e) {\n\t\tthrow new AuthenticationException(e);\n\t}\n}\n\n@Override\nprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {\n\tSimpleAuthorizationInfo authInfo = null;\n\ttry {\n\t\tfor (Realm realm: authorizingRealms) {\n\t\t\t\/\/ The wrapper exposes the protected doGetAuthorizationInfo of the wrapped realm\n\t\t\tAuthorizingRealmWrapper authorizingRealmWrapper = new AuthorizingRealmWrapper((AuthorizingRealm) realm);\n\t\t\tSimpleAuthorizationInfo auth = (SimpleAuthorizationInfo) authorizingRealmWrapper.doGetAuthorizationInfo(principalCollection);\n\t\t\tif (authInfo == null) {\n\t\t\t\tauthInfo = auth;\n\t\t\t} else {\n\t\t\t\t\/\/ Merge only the collections the current realm actually returned\n\t\t\t\tif (auth.getRoles() != null) {\n\t\t\t\t\tauthInfo.addRoles(auth.getRoles());\n\t\t\t\t}\n\t\t\t\tif (auth.getStringPermissions() != null) {\n\t\t\t\t\tauthInfo.addStringPermissions(auth.getStringPermissions());\n\t\t\t\t}\n\t\t\t\tif (auth.getObjectPermissions() != null) {\n\t\t\t\t\tauthInfo.addObjectPermissions(auth.getObjectPermissions());\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn authInfo;\n\t} catch (Exception e) {\n\t\tthrow new AuthorizationException(e);\n\t}\n}\n<\/pre>\n<h3>Implementing an AuthenticationStrategy<\/h3>\n<p style=\"text-align: justify;\">We have introduced a new parameter (the service\/module name) in the authentication process. Thus, we have to create a specific authentication strategy to take this into account. As we did with the previous\u00a0<strong>StratioRealm<\/strong>, we must extend a Shiro class (<a title=\"AbstractAuthenticationStrategy\" href=\"https:\/\/shiro.apache.org\/static\/1.2.3\/apidocs\/org\/apache\/shiro\/authc\/pam\/AbstractAuthenticationStrategy.html\" target=\"_blank\" rel=\"noopener noreferrer\">AbstractAuthenticationStrategy<\/a>) and implement and override its methods. In this case, we expect to receive an authentication token containing a username, a password, and a service name. We have included an additional condition: that service name must match the service name configured in the realm we want to authenticate against. 
Otherwise, we throw an AuthenticationException and the user is not allowed to use the system. Also, with our current implementation, we enforce the user authentication in every defined subrealm, throwing an error otherwise, but this behaviour can also be customized.<\/p>\n<pre class=\"lang:java theme:twilight\">@Override\npublic AuthenticationInfo afterAllAttempts(AuthenticationToken token, AuthenticationInfo aggregate) {\n\t\/\/ Reject when nothing was authenticated or the token's service differs from the realm's service\n\tif (aggregate == null || CollectionUtils.isEmpty(aggregate.getPrincipals())\n\t\t\t|| !matchServiceRealm(aggregate, token)) {\n\t\tthrow new AuthenticationException(\"Authentication token of type [\" + token.getClass() + \"] \" +\n\t\t\t\"could not be authenticated by any configured realms. Please ensure that at least one realm can \" +\n\t\t\t\"authenticate these tokens.\");\n\t}\n\treturn aggregate;\n}\n\nprivate boolean matchServiceRealm(AuthenticationInfo aggregate, AuthenticationToken token) {\n\t\/\/ Fail closed when the token or the aggregate is not of the expected type\n\tif (!(token instanceof UsernamePasswordServiceToken) || !(aggregate instanceof StratioAuthenticationInfo)) {\n\t\treturn false;\n\t}\n\tUsernamePasswordServiceToken serviceToken = (UsernamePasswordServiceToken) token;\n\tStratioAuthenticationInfo auth = (StratioAuthenticationInfo) aggregate;\n\treturn auth.getMainRealm().getService().equals(serviceToken.getService());\n}\n<\/pre>\n<h3>Sample configuration<\/h3>\n<p>The last step to get our custom solution working is specifying the configuration we want Shiro to use for our set of realms. 
A simple example of a Shiro configuration file:<\/p>\n<pre class=\"lang:shell theme:twilight\">[main]\n# Define JDBC datasources\nds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource\nds.serverName = server1\nds.user = stratio\nds.password = pwd1\nds.databaseName = authdb\n\nds2 = com.mysql.jdbc.jdbc2.optional.MysqlDataSource\nds2.serverName = server2\nds2.user = stratio\nds2.password = pwd2\nds2.databaseName = authdb2\n\n# Define the authenticating realms\n\nuserLdapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm\nuserLdapRealm.userDnTemplate = uid={0},ou=users,dc=stratio,dc=com\nuserLdapRealm.contextFactory.url = ldap:\/\/ldap1\n\ndeepLdapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm\ndeepLdapRealm.userDnTemplate = uid={0},ou=deep,dc=stratio,dc=com\ndeepLdapRealm.contextFactory.url = ldap:\/\/ldap2\n\ncrossdataLdapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm\ncrossdataLdapRealm.userDnTemplate = uid={0},ou=admins,dc=stratio,dc=com\ncrossdataLdapRealm.contextFactory.url = ldap:\/\/ldap3\n\n# Define the authorizing realms\n\njdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm\njdbcRealm.permissionsLookupEnabled=true\njdbcRealm.dataSource = $ds\n\njdbcRealm.userRolesQuery = SELECT role.shortcut FROM auth LEFT JOIN auth_role ON auth_role.auth_id = auth.id LEFT JOIN role ON role.id = auth_role.role_id WHERE auth.name = ?\njdbcRealm.permissionsQuery = SELECT permission.shortcut FROM role JOIN role_permission ON role_permission.role_id = role.id JOIN permission ON permission.id = role_permission.permission_id WHERE role.shortcut = ?\n\njdbcRealm2=org.apache.shiro.realm.jdbc.JdbcRealm\njdbcRealm2.permissionsLookupEnabled=true\njdbcRealm2.dataSource = $ds2\n\njdbcRealm2.authenticationQuery = SELECT name FROM auth WHERE name = ?\njdbcRealm2.userRolesQuery = SELECT role.shortcut FROM auth LEFT JOIN auth_role ON auth_role.auth_id = auth.id LEFT JOIN role ON role.id = auth_role.role_id WHERE auth.name = ?\njdbcRealm2.permissionsQuery = SELECT permission.shortcut FROM role JOIN role_permission ON role_permission.role_id = role.id JOIN permission ON permission.id = role_permission.permission_id WHERE role.shortcut = ?\n\n# Define a realm for Stratio Deep Module with two authenticating realms and two authorizing realms.\ndeepRealm = com.stratio.datagov.security.authc.realm.StratioRealm\ndeepRealm.service = deep\ndeepRealm.authenticatingRealms = $deepLdapRealm, $userLdapRealm\ndeepRealm.authorizingRealms = $jdbcRealm, $jdbcRealm2\n\n# Define a realm for Stratio Crossdata Module with two authenticating realms and an authorizing realm.\ncrossdataRealm = com.stratio.datagov.security.authc.realm.StratioRealm\ncrossdataRealm.service = crossdata\ncrossdataRealm.authenticatingRealms = $crossdataLdapRealm, $userLdapRealm\ncrossdataRealm.authorizingRealms = $jdbcRealm\n\n# Configure the custom realms into Shiro\u2019s Security Manager\nsecurityManager.realms = $deepRealm, $crossdataRealm\n\n# Configure the custom authentication strategy\nauthcStrategy = com.stratio.datagov.security.authc.pam.CustomAuthenticationStrategy\nsecurityManager.authenticator.authenticationStrategy = $authcStrategy\n<\/pre>\n<h3>Conclusions and future work<\/h3>\n<p>Some conclusions extracted from this post:<\/p>\n<ul>\n<li><strong>Security has a growing value<\/strong>\u00a0for Big Data systems.<\/li>\n<li>There are\u00a0<strong>several interesting open source projects<\/strong>\u00a0that might be used for securing our systems.<\/li>\n<li>It is more than likely that you will need to\u00a0<strong>extend some points of your tool of choice<\/strong>. 
We have done it with our solution adding actor support and customizing the authentication and authorization processes.<\/li>\n<li>We expect to develop an\u00a0<strong>integrated user management solution<\/strong>, with capabilities for\u00a0<strong>quarantining<\/strong>\u00a0users,\u00a0<strong>expiring sessions<\/strong>\u00a0and fully configuring the authentication and authorization realms.<\/li>\n<li>Another step is developing a solution for\u00a0<strong>auditing every user operation<\/strong>\u00a0inside the platform.<\/li>\n<\/ul>\n<p>We look forward to reading your questions and suggestions. Feel free to comment!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is often a forgotten concern in Big Data environments. However, as these technologies are being embraced by companies with sensitive data (think, for example, about banks or insurance companies),\u00a0security is a growing requirement. <\/p>\n","protected":false},"author":1,"featured_media":269,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[686],"tags":[19],"ppma_author":[795],"authors":[{"term_id":795,"user_id":1,"is_guest":0,"slug":"stratioadmin","display_name":"Stratio","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/e3387ad00609f34a56d6796400eb8191?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"amp_enabled":true}