You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Thomas Sauzedde <th...@gmail.com> on 2011/01/07 11:45:49 UTC
Fine grained user authorization ?
I'm wondering how I could achieve a fine grained user authorization.
Let's take an example : Activities ...
I would like activities to be :
- strictly private by default
- shared by the end-user to his "friends"
- made public by the end-user
In Shindig (Java), I already identified some options but I really don't
know if one of them is really better, or perhaps if there is another way
to achieve this.
My idenfied options :
- Implement all the logic in my ActivityService implementation
pro : easy to do, everything is at disposal to do so
cons : if I want to generalize the authorization stuff to all
services, I need to repeat the logic in all the backends / services
implementations
- Delegates this task to Shiro
pro : it is typically a job for this lib
cons : I really don't know where this could be done : early in
the ShiroFilterServlet ?, in the backend / service implementations ?,
somewhere else ?
Does anyone have some advices / samples for me ?
Thanks in advance
--
Tom