You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Pillar <so...@hotmail.com> on 2013/08/02 20:52:52 UTC
Dynamic security model permission check implementation
I have a security model that depends on Permissions coming from many dynamic
elements: created/deleted objects, statutes, time of day, other users'
activity, etc. In other words, I can't cache an AuthorizationInfo object and
the AuthorizationInfo object takes data from many places (ie. many DB
calls). On top of that, my uses cases usually only require a check for a
single permission (ex: only the time of day, not all the rest), so it makes
sense to only check that instead of comparing to all the permissions
available.
Would it be a bad idea to implement a (or many) subclass of Permission that
does its own check in the DB?
public class StatusPermission implements Permission {
private Status status; // + setter and getter
public boolean check(PrincipalCollection collection, Connection
connection /* DB */) {
/*
* some PreparedStatement that checks the principal's (my user)
status and compares it to the instance field
*/
}
public boolean implies (Permission perm) {
/* doesn't matter */
}
}
Is this acceptable or will it fail in some Shiro execution path? Are there
better patterns for what I want to do?
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Dynamic-security-model-permission-check-implementation-tp7579004.html
Sent from the Shiro User mailing list archive at Nabble.com.