I am working on a web project using Java
/ Spring
/ Apache Shiro
,
there are 3 different user types in 3 individual db tables, 2 user types login from web page, 1 user type login from mobile.
I have implemented a Realm
which extends AuthorizingRealm
, but it seems difficult for me to provide a single Restful API to let the 3 user types to login.
My current thought is:
Define a new token class which extends UsernamePasswordToken
, and add a new field accountType
, when user login first check account type param, then decide which table to query, and use combination of accountType
and username
as Principal
.
My question is:
loginUrl
for 3 different user, especial for mobile client, it should be a json result
other than a url, right?I have kind solved the problem.
Here is what I did:
UsernamePasswordToken
, and add a accountType field.accountType:username
as principal. Need to override relevant methods.accountType
parameter.