Posted to dev@shindig.apache.org by Thomas Sauzedde <th...@gmail.com> on 2011/01/07 11:45:49 UTC

Fine grained user authorization ?

I'm wondering how I could achieve a fine grained user authorization.

Let's take an example: Activities ...

I would like activities to be:
    - strictly private by default
    - shared by the end-user to his "friends"
    - made public by the end-user

In Shindig (Java), I already identified some options but I really don't
know if one of them is really better, or perhaps if there is another way
to achieve this.

My identified options:
    - Implement all the logic in my ActivityService implementation
        pro: easy to do, everything is at disposal to do so
        cons: if I want to generalize the authorization stuff to all
              services, I need to repeat the logic in all the backends /
              services implementations
    - Delegate this task to Shiro
        pro: it is typically a job for this lib
        cons: I really don't know where this could be done: early in
              the ShiroFilterServlet?, in the backend / service
              implementations?, somewhere else?

Does anyone have some advice / samples for me?

Thanks in advance

--
Tom
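
The three visibility levels described in the post above, written as one shared policy object that every service can call instead of repeating the rule per backend. This is an added example, not part of the original post and not Shindig or Shiro code; Visibility, Item, FriendGraph and VisibilityPolicy are hypothetical names and the sample data is constructed.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added example: every type here is hypothetical, not a Shindig or Shiro type.
public class VisibilityPolicyDemo {

    enum Visibility { PRIVATE, FRIENDS, PUBLIC }

    // Minimal stand-in for an activity (or any other owned resource).
    static final class Item {
        final String id, ownerId;
        final Visibility visibility;
        Item(String id, String ownerId, Visibility visibility) {
            this.id = id;
            this.ownerId = ownerId;
            // No explicit choice by the owner means strictly private.
            this.visibility = visibility == null ? Visibility.PRIVATE : visibility;
        }
    }

    interface FriendGraph { boolean areFriends(String ownerId, String viewerId); }

    // One policy object shared by all services, so the rule lives in one place.
    static final class VisibilityPolicy {
        private final FriendGraph friends;
        VisibilityPolicy(FriendGraph friends) { this.friends = friends; }

        boolean canView(String viewerId, Item item) {
            if (item.visibility == Visibility.PUBLIC) return true;
            if (viewerId == null) return false;              // anonymous: public only
            if (viewerId.equals(item.ownerId)) return true;  // owner sees everything
            return item.visibility == Visibility.FRIENDS
                    && friends.areFriends(item.ownerId, viewerId);
        }

        List<Item> filter(String viewerId, Collection<Item> items) {
            return items.stream().filter(i -> canView(viewerId, i)).collect(Collectors.toList());
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: alice has one friend, bob.
        Map<String, Set<String>> graph = Map.of("alice", Set.of("bob"));
        VisibilityPolicy policy =
                new VisibilityPolicy((o, v) -> graph.getOrDefault(o, Set.of()).contains(v));
        List<Item> items = List.of(new Item("a1", "alice", null),
                new Item("a2", "alice", Visibility.FRIENDS),
                new Item("a3", "alice", Visibility.PUBLIC));
        for (String viewer : Arrays.asList("alice", "bob", "carol", null))
            System.out.println(viewer + " -> " + policy.filter(viewer, items).stream()
                    .map(i -> i.id).collect(Collectors.toList()));
    }
}
```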