Hi Diego, Yes, typically people subclass JDBCRealm (or any other subclass of AuthenticatingRealm) and perform their own access control checks based on their data model. Nearly every application's data model is unique, so only your Realm subclass would know best how to perform those checks.
Also, if you don't mind caching a user's authorization data after they log in and for the length of their session (i.e. you don't mind waiting until they log out or their session times out to pick up updated ACL changes), AuthorizationInfo objects are cached by default automatically for all AuthorizingRealm subclasses that utilize a Cache. The JDBCRealm is one of these classes - you just need to make sure a Cache has been set on the Realm, or alternatively, that you set the CacheManager on the SecurityManager implementation (securityManager.setCacheManager(cacheManager)). Regards, Les On Tue, Jul 14, 2009 at 9:50 AM, <[email protected]> wrote: > Hi everybody, > > After seeing the samples I could use the JDBCRealm for authentication, > however I would like to implement authorization, what I need is to assign > authorization based on the objects, it means that the objects should be > modified only by their owners, I imagine it would be using ACL, however from > the standalone sample I can conclude that I should implement my own > JDBCRealm to customize authorization or is there any other way? > > Thanks in advance, > > -Diego vera > > ------------------------------ > *Von:* mad rug [mailto:[email protected]] > *Gesendet:* Samstag, 11. Juli 2009 23:33 > *An:* [email protected] > *Betreff:* Re: Apache Ki standalone documentaiton > > Hi, > > I'm also using Shiro in an application I'm developing. The best example of > how integrating it with my app was looking at the source code for the Spring > sample. It is simple to understand even if you don't know Spring. Take a > look at the org.jsecurity.samples.spring.BootstrapDataPopulator class in > that sample, it contains the SQL commands for creating the default DB schema > for authentication and authorization. Deploy the sample and test it, look at > the source, and you'll understand it quickly. Also, take a look at the > standalone example and see how can you start Shiro in your application and > you're good to go! ;-) > > Regards > > On Sat, Jul 11, 2009 at 7:06 AM, <[email protected]> wrote: > >> Hi everybody, >> >> I am developing a client/server application, which is none webbased >> application and I am trying to use Apache Ki for the authentication and >> authorization. I found very interesting the quickstart sample from >> Jsecurity, however I cannot figure out how to configure the JDBCRealm in my >> application and which tables I need for the data base. Is there anywhere a >> sample or documentation that could help me to integrate Jsecurity in my >> application? >> >> Thanks in advance, >> >> -Diego Vera >> > >
