shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jared Bunting <>
Subject Re: Advise on authorization strategy
Date Thu, 28 Apr 2011 11:19:57 GMT
Using a custom realm you can generate permissions rather than store them locally.  So, in doGetAuthorizationInfo,
you could do something like:

List<String> permissions = new ....;
for(Employee emp: getSupervisedEmployees()) {
  for(int reportId: emp.getReportIds()) {
    permissions.add("report:" + reportId);

Will that accomplish what you want?


Dmitry <> wrote:

by target you mean third part of permission? reports:view:<target-id> (e.g.

well.. it can work, but if supervisor is changed (which is possible) i have
to transfer all permissions to other guy.

So i was looking to some extension to Shiro maybe, where i can consolidate
implication logic for access to particular report.  Even may be http request
filter can work.

and also it doesn't seem that my realm called twice, looks Shiro is caching
permissions, how can i make them dynamic?

View this message in context:
Sent from the Shiro User mailing list archive at

View raw message