You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Marcus Bond <ma...@marcusbond.me.uk> on 2011/10/06 16:02:46 UTC

Custom Realm Help

Hi,

First off, thanks to all contributors to this project for creating it I've
just started using it and appreciate the work that has gone in.

 

I have a question regarding a custom realm implementation which will be
hitting a CouchDB instance to authenticate users. I already wrote an
authentication service and I am now trying to integrate this with Shiro so I
am implementing a Realm and taking as a guide the JDBC realm, however I am
interested to know how often the database is hit to determine if a user
(subject) has permission?

 

What I want to do is at login time, load a user, their roles and permissions
and to have that state remembered and not hit the database for each web
request to see if they have a relevant role (this has the drawback of
requiring a logout for new permissions to be assigned / removed but I can
tackle that issue later). Any recommendations to how I may go about this?
Can I store this stuff in the Subject? I am assuming that when using the
JDBC approach, most interactions would not want to be hitting the database
to find out if they are authorized?

 

Regards,

Marcus.

Re: Custom Realm Help

Posted by Filipe Sousa <na...@gmail.com>.

I'm using this in my realm to enable cache.

   @Override
   protected void onInit() {
      setCachingEnabled(true);
      setCacheManager(new MemoryConstrainedCacheManager());
   }

On Thu, Oct 6, 2011 at 3:02 PM, Marcus Bond <ma...@marcusbond.me.uk> wrote:
> Hi,
>
> First off, thanks to all contributors to this project for creating it I’ve
> just started using it and appreciate the work that has gone in.
>
>
>
> I have a question regarding a custom realm implementation which will be
> hitting a CouchDB instance to authenticate users. I already wrote an
> authentication service and I am now trying to integrate this with Shiro so I
> am implementing a Realm and taking as a guide the JDBC realm, however I am
> interested to know how often the database is hit to determine if a user
> (subject) has permission?
>
>
>
> What I want to do is at login time, load a user, their roles and permissions
> and to have that state remembered and not hit the database for each web
> request to see if they have a relevant role (this has the drawback of
> requiring a logout for new permissions to be assigned / removed but I can
> tackle that issue later). Any recommendations to how I may go about this?
> Can I store this stuff in the Subject? I am assuming that when using the
> JDBC approach, most interactions would not want to be hitting the database
> to find out if they are authorized?
>
>
>
> Regards,
>
> Marcus.



-- 
Filipe Sousa