shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Shiro Authorization Guide
Date Fri, 25 Mar 2011 18:34:12 GMT
Hi guys,

Until we can spend a proper amount of time writing the docs for this,
here is the 'Cliff's Notes' version:

Shiro has three important cache interfaces:

org.apache.shiro.cache.CacheManager and
org.apache.shiro.cache.Cache
org.apache.shiro.cache.CacheManagerAware

A CacheManager returns Cache instances and various Shiro components
use those Cache instances to cache data as necessary.  Any Shiro
component that implements CacheManager will automatically receive a
configured CacheManager, where it can be used to acquire Cache
instances.

The Shiro SecurityManager implementations and all AuthorizingRealm
implementations implement CacheManagerAware.  If you set the
CacheManager on the SecurityManager, it will in turn set it on the
various Realms that implement CacheManagerAware as well (OO
delegation).  For example, in shiro.ini:

securityManager.realms = $myRealm1, $myRealm2, ..., $myRealmN
...
cacheManager = my.implementation.of.CacheManager
...
securityManager.cacheManager = $cacheManager
# at this point, the securityManager and all CacheManagerAware
# realms have been set with the cacheManager instance

We have out-of-the-box Ehcache implementations of CacheManager/Cache,
so you can use that today if you wanted.  Otherwise, you can implement
your own CacheManager (e.g. via Coherence, etc) and configure it as
above, and you'll be good to go.

Finally note that AuthorizingRealm has a convenience method
'clearCachedAuthorizationInfo' that can be called by subclasses to
evict the cached authzInfo for a particular account.  It is usually
called by custom logic if the corresponding account's authz data has
changed (to ensure the next authz check will pick up the new data).

Does this help?  Are there any glaring holes that you guys are still
wondering about?

Cheers,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

Mime
View raw message