shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jared Bunting <>
Subject Role "Nesting" or "Inheriting" and RolePermissionResolvers
Date Tue, 21 Dec 2010 22:41:20 GMT
I have attempted to search the archives but have been unable to find
anything on this subject.  If it¹s been discussed before, can anybody clue
me into search terms?

I¹ve noticed that it does not appear that any of the built-in realms in
Shiro support the concept of role inheritance ­ roleA inherits permissions
from roleB.  I can see situations in where this would be valuable,
particularly in combining multiple realms in an authorization scheme.  I am
curious as to whether this sort of functionality has been considered before,
and what are the thoughts on it?  Would contributions to this effect be

In particular, I am considering a situation where an application defines
fine-grained permissions ­ but also defines a set of roles (admin, reader,
writer) that have a default set of permissions.  An organizational ldap
schema might define users and their organizational-oriented groups
(developer, tester, sysadmin, manager, etc).  Being able to map
organizational roles to the default application roles could make integrating
an application into an existing infrastructure considerably easier.  Are
there other solutions for doing this sort of thing?

This also brings me to a related question.  Is there any reason that the
default realms don¹t implement / support the RolePermissionResolver
interface?  Again, this seems like it could be useful in combining
application-specific configuration with organization-specific configuration.

I seek your thoughts and comments.

Thank you,

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message