I am trying to implement fine-grained auth using Shiro in a Google App Engine app storing permissions using JDO. It looks like subclassing DomainPermission is the way to go. I want to exploit the wildcard setup (thanks for that!), but I am having a hard time understanding how the constructors and setParts methods in DomainPermission are going to interact with my persistent data. Specifically, neither the constructors that take actions and/or targets as arguments nor the setParts method call setters for the domain, action or targets properties of the class. Similarly, the default setter implementations don't call setParts. I was assuming that the way to extend this (per comment in the javadoc) was to override the property getters and setters to interact with the backing store. But that doesn't look like it will work without also overriding the constructors and setParts. Is that the intent? Is there an example somewhere using JDBC or any other persistence store?
Sorry if this is a question for the user list, but since it is about the Shiro sources, I thought I would ask here. Could well be I am misunderstanding the setup as I am pretty new to Shiro. Thanks in advance for patience. Phil
