You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by mutak <mu...@gmail.com> on 2014/11/26 00:04:36 UTC

Few fast questions about authorization

Hi.

I have few simple (I think) questions:
I have a realm which extends AuthorizingRealm
1. should I add roles and permissions to doGetAuthorizationInfo ? Is this is
the place where this is done?
2. Where is made a check if user has permissions to given URL? For example
user has authenticated, and he request admin panel page. Where should I
check if user has access? If I have a mapping for that page in spring, I
should get Subject object and then I should check if this subject has rights
to that resource?
3. I would like to add user to few groups (roles). Each role has some
permissions. Is there a place where permissions for given role are checked?



--
View this message in context: http://shiro-user.582556.n2.nabble.com/Few-fast-questions-about-authorization-tp7580341.html
Sent from the Shiro User mailing list archive at Nabble.com.