With Bootique you can specify users and roles in your bootique.yml file, but for most use cases we need to retrieve user information from some other data source. For that we need to create our own Shiro Realm to retrieve and authorize our users. In this post we'll look at a custom Shiro Realm found in my Bootique Shiro Demo app on GitHub.
We're going to name our Shiro Realm NixmashRealm, which extends Apache Shiro's AuthorizingRealm. The purpose of NixmashRealm is to retrieve the Shiro Subject on Login() and whenever the Subject's Roles and Permissions are required, such as when a path has roles[admin] assigned in the bootique.yml. Here is the class layout, where you can see it overrides the AuthorizingRealm methods doGetAuthenticationInfo() and doGetAuthorizationInfo(), returning an AuthenticationInfo object on Login() and an AuthorizationInfo object for Role and Permission testing.
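An added example, not the NixmashRealm code from the demo app: a realm with the same two overrides, assuming Shiro 1.x and Java 9+. The class name `InMemoryDemoRealm`, the in-memory maps and the sample accounts are hypothetical, and the `PasswordMatcher` setup is an addition so that stored credentials are salted hashes rather than plaintext.

```java
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical realm; the in-memory maps stand in for a real user data source.
public class InMemoryDemoRealm extends AuthorizingRealm {
    private final Map<String, String> passwordHashes;
    private final Map<String, Set<String>> rolesByUser;

    public InMemoryDemoRealm() {
        DefaultPasswordService hasher = new DefaultPasswordService();
        PasswordMatcher matcher = new PasswordMatcher();
        matcher.setPasswordService(hasher);
        // Verify submitted passwords against salted hashes instead of the
        // plaintext comparison a realm performs by default.
        setCredentialsMatcher(matcher);
        // Constructed sample accounts; a real realm would read stored hashes.
        passwordHashes = Map.of(
            "alice", hasher.encryptPassword("constructed-pw-1"),
            "bob", hasher.encryptPassword("constructed-pw-2"));
        rolesByUser = Map.of(
            "alice", Set.of("admin", "user"),
            "bob", Set.of("user"));
    }

    // Called on login: look the user up and return the stored credentials,
    // which Shiro then checks against the token with the credentials matcher.
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        String hash = username == null ? null : passwordHashes.get(username);
        if (hash == null) {
            throw new UnknownAccountException("No such account");
        }
        return new SimpleAuthenticationInfo(username, hash, getName());
    }

    // Called when roles or permissions are tested, e.g. a path with roles[admin].
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String username = (String) principals.getPrimaryPrincipal();
        // A principal with no role entry gets an empty set (deny by default).
        return new SimpleAuthorizationInfo(rolesByUser.getOrDefault(username, Set.of()));
    }
}
```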
Using the Custom Realm
As I said, we first use our custom realm on Login(), which returns an AuthenticationInfo object if the user with the submitted credentials is found. If the user is not found, an AuthenticationException is thrown. Here is how we're interacting with the Shiro Realm from our LoginController [POST] method.
Adding the Realm to Bootique
One final step is required: adding the realm to the Bootique Shiro Module in the app's main module config().
Source Code Notes for this Post
Source code discussed in this post is found in my Bootique Shiro Demo app on GitHub.