shiro-user mailing list archives

From Peter Ledbrook
Subject Re: ACL with Shiro? How?
Date Fri, 05 Nov 2010 13:23:23 GMT
> I asked for a start point because I didn't know if this approach which came
> first to my mind is correct. Because there is no example in the Shiro
> documentation about creating an ACL.

OK, fair enough. Have a look at the section "Fine tuning the access
control" on That will hopefully give
you a reasonable idea of how wildcard permissions work.

> So let me get that clear. In Shiro everything that needs to be done should
> be done with the permission strings. So basically the approach for every
> permission is, think of a clever idea how to create the permission strings
> and use them in the Data Access Methods to build a Query.

You don't have to use permission strings - you can use your own
Permission objects if you want. The string-based wildcard permissions
are a convenience that Shiro supports out of the box. They are
implemented as a WildcardPermission class that implements Permission
(unless that's changed recently).

The intention is not that the realm executes an elaborate SQL query to
do the permission check but that the user's permissions are loaded and
compared with the required permission. This is what the
AuthorizingRealm implementation provided with Shiro does. You could
either use JdbcRealm or create your own realm that extends

Hope that helps,


Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware
