You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Mark <el...@gmail.com> on 2015/09/10 20:20:12 UTC
Attach a Subject to custom object
I have a custom object store and would like to attach a Subject object to
each entry in the store and include permissions to that object. Is this
possible with Shiro?
Re: Attach a Subject to custom object
Posted by Mark <el...@gmail.com>.
Thanks Les. That does clear things up.
On Thu, Sep 10, 2015 at 2:43 PM, Les Hazlewood <lh...@apache.org>
wrote:
> A Subject is a transient object - created at the beginning of a
> request or thread's execution based on authentication state or account
> identity, so you wouldn't attach a Subject to a data record for
> example.
>
> That said, you can achieve what you want w/ Shiro - you typically
> store permissions on an account record in a data store, and that
> account state is loaded by a Shiro Realm during an authentication
> attempt or authorization check. Realms can cache this state so that
> subsequent authorization checks don't have to access the source
> datastore continuously.
>
> A Subject instance maintains a pointer to that account state (i.e. an
> account id) after login so it can be accessed via the Subject at any
> point later.
>
> HTH!
>
> --
> Les
>
>
> On Thu, Sep 10, 2015 at 11:20 AM, Mark <el...@gmail.com> wrote:
> > I have a custom object store and would like to attach a Subject object to
> > each entry in the store and include permissions to that object. Is this
> > possible with Shiro?
> >
> >
>
Re: Attach a Subject to custom object
Posted by Les Hazlewood <lh...@apache.org>.
A Subject is a transient object - created at the beginning of a
request or thread's execution based on authentication state or account
identity, so you wouldn't attach a Subject to a data record for
example.
That said, you can achieve what you want w/ Shiro - you typically
store permissions on an account record in a data store, and that
account state is loaded by a Shiro Realm during an authentication
attempt or authorization check. Realms can cache this state so that
subsequent authorization checks don't have to access the source
datastore continuously.
A Subject instance maintains a pointer to that account state (i.e. an
account id) after login so it can be accessed via the Subject at any
point later.
HTH!
--
Les
On Thu, Sep 10, 2015 at 11:20 AM, Mark <el...@gmail.com> wrote:
> I have a custom object store and would like to attach a Subject object to
> each entry in the store and include permissions to that object. Is this
> possible with Shiro?
>
>