
Apache Shiro - How to support multiple user types with individual database tables


I am working on a web project using Java / Spring / Apache Shiro. There are 3 different user types in 3 individual db tables: 2 user types log in from a web page, 1 user type logs in from mobile.

I have implemented a Realm which extends AuthorizingRealm, but it seems difficult for me to provide a single RESTful API to let the 3 user types log in.

My current thought is:

Define a new token class which extends UsernamePasswordToken, and add a new field accountType. When a user logs in, first check the account type param, then decide which table to query, and use the combination of accountType and username as the Principal.

My question is:

  1. Would the above thought work? Or how should I improve it?
  2. How should I define the loginUrl for the 3 different user types? Especially for the mobile client, it should be a JSON result rather than a URL, right?

Solution

  • I have kind of solved the problem.

    Here is what I did:

    • Implement UsernamePasswordToken, and add an accountType field.
    • Use accountType:username as the principal. Need to override the relevant methods.
    • When logging in, the user needs to provide the accountType parameter.
    • When querying the db, query a different table according to accountType.
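
The approach in the answer above, sketched as an added example (not the poster's code). Only the Shiro types are real; `AccountType`, `TypedToken`, `CredentialLookup` and `MultiTableRealm` are hypothetical names, and it assumes the realm is configured with a hashing `CredentialsMatcher` such as `PasswordMatcher`. The client-supplied account type is mapped to a fixed enum and a per-type lookup, so it never reaches a table name or query string.

```java
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

// Hypothetical closed set of account types, one per user table.
enum AccountType { ADMIN, MERCHANT, MOBILE }

class TypedToken extends UsernamePasswordToken {
    private final AccountType accountType;
    TypedToken(AccountType type, String username, String password) {
        super(username, password);
        this.accountType = type;
    }
    AccountType getAccountType() { return accountType; }
    // Composite principal; enum names contain no ':', so the first ':' always ends the type.
    @Override public Object getPrincipal() { return accountType + ":" + getUsername(); }
}

// One lookup per user table (e.g. a DAO); returns the stored password hash or null.
interface CredentialLookup { String passwordHashFor(String username); }

class MultiTableRealm extends AuthorizingRealm {
    private final Map<AccountType, CredentialLookup> lookups;
    MultiTableRealm(Map<AccountType, CredentialLookup> lookups) {
        this.lookups = lookups;
        setAuthenticationTokenClass(TypedToken.class); // reject plain tokens with no type
    }
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        TypedToken t = (TypedToken) token;
        CredentialLookup lookup = lookups.get(t.getAccountType());
        String hash = lookup == null ? null : lookup.passwordHashFor(t.getUsername());
        if (hash == null) throw new UnknownAccountException();
        // The realm's configured CredentialsMatcher compares the submitted password to the hash.
        return new SimpleAuthenticationInfo(t.getPrincipal(), hash, getName());
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String principal = (String) principals.getPrimaryPrincipal();
        AccountType type = AccountType.valueOf(principal.substring(0, principal.indexOf(':')));
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRole(type.name()); // role follows the table the user came from
        return info;
    }
}
```

In the login endpoint, parse the request parameter with `AccountType.valueOf(...)` and treat the `IllegalArgumentException` for an unknown value as a failed login before building the token.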