You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Manoj Khangaonkar <kh...@gmail.com> on 2011/05/13 03:23:14 UTC
assigning permissions directly to users
Hi,
Does Shiro support assigning permissions directly to users ? ( not as roles ).
such as
user1 has permission document:read,write:doc1
user2 has permission document:read,write:doc2
Most examples assign roles to users and permission to roles.
In looking at the implementation of Subject.isPermitted(String perm)
and JdbcRealm.java, I am thinking this is possible. I can store the
user - permission mapping in table and
I would need to override the implementation of
doGetAuthorizationInfo(Principal collection
Am I right about this ?
thanks
Mj
--
http://khangaonkar.blogspot.com/
Re: assigning permissions directly to users
Posted by Manoj Khangaonkar <kh...@gmail.com>.
Hi Les,
thanks !
On Thu, May 12, 2011 at 7:23 PM, Les Hazlewood <lh...@apache.org> wrote:
> Hi Manoj,
>
> Yep, Shiro does not dictate a security policy or domain model (on
> purpose, as all apps are different). You can make these associations
> however you like (permission to user, permission to role, perm to
> group, etc). Ultimately your Realm implementation determines how
> those associations are resolved.
>
> If your realm implementation subclasses AuthorizingRealm, you can
> return an AuthorizationInfo instance from your doGetAuthorizationInfo
> implementation and populate that instance however you want based on
> your data model.
>
> HTH,
>
> Les
>
> On Thu, May 12, 2011 at 6:23 PM, Manoj Khangaonkar
> <kh...@gmail.com> wrote:
>> Hi,
>>
>> Does Shiro support assigning permissions directly to users ? ( not as roles ).
>>
>> such as
>> user1 has permission document:read,write:doc1
>> user2 has permission document:read,write:doc2
>>
>> Most examples assign roles to users and permission to roles.
>>
>> In looking at the implementation of Subject.isPermitted(String perm)
>> and JdbcRealm.java, I am thinking this is possible. I can store the
>> user - permission mapping in table and
>> I would need to override the implementation of
>> doGetAuthorizationInfo(Principal collection
>>
>> Am I right about this ?
>>
>> thanks
>>
>> Mj
>>
>> --
>> http://khangaonkar.blogspot.com/
>
--
http://khangaonkar.blogspot.com/
Re: assigning permissions directly to users
Posted by Les Hazlewood <lh...@apache.org>.
Hi Manoj,
Yep, Shiro does not dictate a security policy or domain model (on
purpose, as all apps are different). You can make these associations
however you like (permission to user, permission to role, perm to
group, etc). Ultimately your Realm implementation determines how
those associations are resolved.
If your realm implementation subclasses AuthorizingRealm, you can
return an AuthorizationInfo instance from your doGetAuthorizationInfo
implementation and populate that instance however you want based on
your data model.
HTH,
Les
On Thu, May 12, 2011 at 6:23 PM, Manoj Khangaonkar
<kh...@gmail.com> wrote:
> Hi,
>
> Does Shiro support assigning permissions directly to users ? ( not as roles ).
>
> such as
> user1 has permission document:read,write:doc1
> user2 has permission document:read,write:doc2
>
> Most examples assign roles to users and permission to roles.
>
> In looking at the implementation of Subject.isPermitted(String perm)
> and JdbcRealm.java, I am thinking this is possible. I can store the
> user - permission mapping in table and
> I would need to override the implementation of
> doGetAuthorizationInfo(Principal collection
>
> Am I right about this ?
>
> thanks
>
> Mj
>
> --
> http://khangaonkar.blogspot.com/