Hi, if this has been answered I apologize for not being able to find the answer. I have been trying to find some example of the best way to do this in many different apps/frameworks etc...
I will try to be as concise as possible; I have a Swing Desktop Application (utilizing BSAF to enable JSR-296) I use Spring but I do not use Spring Web MVC or any jsp or web based technologies. I currently expose my services using HttpInvokerServiceExporter but may make them web service endpoints and if I do I don't want to have to revisit the security at all. I really would prefer not to secure anything by url I need to be able to show/hide different menu's/actions/commands in the client based on their permissions I also need to filter data based on permissions/roles (I am thinking I will need to extend the permissions to be a rich object rather than just strings) I will need to dynamically add roles and assign permissions to those roles. We service many clients and they can set up their security hierarchy in any way they choose It obviously needs to be thread safe but I am not convinced I want to use the JSESSION/cookie protocol but maybe I do. What is the best configuration to use? Is there a way to simulate or utilize the way SpringSecurityContext holds onto its information in a ThreadLocal? Best of all is there an example of this being used? I do have the spring-hibernate, spring and spring-client code and have looked through it but as I said, I do not want to use the whole web MVC approach. I would rather attach to the actual methods and data rather than urls. Thanks in advanced Can I -- View this message in context: http://shiro-user.582556.n2.nabble.com/Spring-but-non-web-tp5540149p5540149.html Sent from the Shiro User mailing list archive at Nabble.com.
