public void init() throws ShiroException { this.setSessionManager( new DefaultSessionManager() ); // This could be injected // Authorizer ExceptionCatchingModularRealmAuthorizer authorizer = new ExceptionCatchingModularRealmAuthorizer( this.getRealms() ); // if we have a Role Permission Resolver, set it, if not, don't worry about it if ( rolePermissionResolver != null ) { authorizer.setRolePermissionResolver( rolePermissionResolver ); logger.debug( "RolePermissionResolver was set to " + authorizer.getRolePermissionResolver() ); } else { logger.warn( "No RolePermissionResolver is set" ); } this.setAuthorizer( authorizer ); // set the realm authenticator, that will automatically deligate the authentication to all the realms. FirstSuccessfulModularRealmAuthenticator realmAuthenticator = new FirstSuccessfulModularRealmAuthenticator(); realmAuthenticator.setAuthenticationStrategy( new FirstSuccessfulStrategy() ); // Authenticator this.setAuthenticator( realmAuthenticator ); } }