> I asked for a start point because I didn't know if this approach which came
> first to my mind is correct. Because there is no example in the Shiro
> documentation about creating an ACL.

OK, fair enough. Have a look at the section "Fine tuning the access control" on http://grails.org/plugin/shiro. That will hopefully give you a reasonable idea of how wildcard permissions work.

> So let me get that clear. In Shiro everything that needs to be done should
> be done with the permission strings. So basically the approach for every
> permission is, think of a clever idea how to create the permission strings
> and use them in the Data Access Methods to build a Query.

You don't have to use permission strings - you can use your own Permission objects if you want. The string-based wildcard permissions are a convenience that Shiro supports out of the box. They are implemented as a WildcardPermission class that implements Permission (unless that's changed recently).

The intention is not that the realm executes an elaborate SQL query to do the permission check but that the user's permissions are loaded and compared with the required permission. This is what the AuthorizingRealm implementation provided with Shiro does. You could either use JdbcRealm or create your own realm that extends AuthorizingRealm.

Hope that helps,

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware
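
The load-then-compare model described in the message above, as an added example that is not part of the original e-mail or of Shiro's own code. It assumes Shiro is on the classpath and Java 9 or later; the class names AclRealmDemo and AclRealm, the ACL map and the "document:..." permission strings are constructed for illustration.

```java
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;

public class AclRealmDemo {
    // Constructed sample ACL: user -> wildcard permission strings in the
    // form "domain:action(s):instance". A real realm would load these rows
    // from its user store; the check itself stays in Shiro, not in SQL.
    static final Map<String, Set<String>> ACL = Map.of(
        "alice", Set.of("document:read,write:42", "document:read:*"),
        "bob",   Set.of("document:read:7"));

    // Hypothetical realm: it only supplies the user's granted permissions.
    static class AclRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            String user = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            // Unknown users get an empty grant set, so every check is denied.
            info.addStringPermissions(ACL.getOrDefault(user, Set.of()));
            return info;
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // authentication is out of scope for this example
        }
    }

    // Resolves the required string to a WildcardPermission (the realm's
    // default resolver) and compares it with each loaded grant via implies().
    static boolean allowed(AclRealm realm, String user, String required) {
        PrincipalCollection who = new SimplePrincipalCollection(user, realm.getName());
        return realm.isPermitted(who, required);
    }

    public static void main(String[] args) {
        AclRealm realm = new AclRealm();
        String[][] checks = {
            {"alice", "document:write:42"}, {"alice", "document:read:99"},
            {"alice", "document:write:99"}, {"bob", "document:read:7"},
            {"bob", "document:write:7"},    {"mallory", "document:read:7"}};
        for (String[] c : checks) {
            System.out.printf("%-8s %-20s %s%n", c[0], c[1], allowed(realm, c[0], c[1]));
        }
    }
}
```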
